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SHAWN POWERS 


When Underdogs 
Take Over the World 


support personnel and IT folks in general 

are rarely in the limelight. It's no secret, 
however, that the people behind the scenes are 
truly the ones running the world. As part of the 
geeky infrastructure that keeps the planet going, 
we all know the power of the underdog. Heck, 
we “save the day” on a regular basis, and most 
people never are the wiser. Can you imagine a 
world without any IT staff? Oh sure, that might 
seem a bit arrogant, but really, with little fanfare, 
we keep the end users happy. And, our operat- 
ing system of choice? Linux, of course. 

With its relatively small desktop market share, 
Linux often is considered an underdog. Here at 
Linux Journal, we prefer to think of it more along 
the lines of “Undiscovered Superhero”, but 
however you look at it, Linux is the operating 
system that is easy to love. If you take off the 
wide-angle lens, however, and look strictly at 
software in the Open Source community, we 
have underdogs of our own. This month, we 
decided it would be nice to give the spotlight to 
those diamonds in the rough. 

If you're reading this article on the Linux 
Journal Web site, chances are you're using the 
Firefox browser to do so. Firefox certainly isn’t an 
underdog anymore, but James Gray gives us a 
play-by-play history of its evolution from the very 
beginning. Hopefully, the Firefox success story 
will be one we see repeated over and over. 
Will Xara Xtreme be the next application to 
offer some serious competition in its field? 
Well, switching to an open-source license for 
its core program certainly is a step in the right 
direction. Dan Sawyer shows us this graphics 
and illustration design program that is now 
available. If you're tired of running Adobe 
Illustrator via Wine, you'll love the new Linux 
native Xara Xtreme. 

If indeed you are reading this on-line, you've 
probably correctly assumed that LinuxJournal.com 
is hosted with Apache. That should come as 
no surprise, but what might come as a bit of 
a shock is that Will Reese tells us Nginx might 


Prsircoes network administrators, tech- 
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be a better alternative. Thankfully, it’s still very 
much an open-source project, so we're at 
least willing to listen. Cory Wright tells us 
about a wonderful alternative to BIND as well. 
If security and configuration concerns about 
BIND have given you cause to worry, djbdns 
just might be the ticket. Cory walks us through 
the why, how and where of configuring this 
little-known DNS server. 

What discussion regarding underdogs would 
be complete without talking about the command 
line? Love it or hate it, Linux is built around the 
terminal. Kyle Rankin tells us how to get the most 
out of our terminal by splitting it up. If you're not 
sure what you would put in a split-window 
xterm, a good place to start is with e-mail. Victor 
Gregorio tells us all about Mutt, a command-line 
e-mail client that has more features than many of 
its GUI counterparts. 

Here at Linux Journal, however, we're all about 
choice. If the command line makes you nervous, 
there are plenty of GUI alternatives. Heck, we even 
have choices when it comes to the version of 
Linux distribution you want to run. Many of us use 
the “big dogs” of the Linux world when it comes 
to distros, but what about Gentoo? It’s certainly 
not for the faint of heart, but Mike Diehl thinks it 
might be worth the time it takes to install. 

Perhaps after reading his article, you'll agree. 

If you're just looking to cheer for the under- 
dog or hoping to discover the Next Big Thing, 
this issue should educate, enlighten and enter- 
tain. As always, we have our full lineup of regu- 
lar columns, helpful tech tips, and geek-friendly 
product reviews. So whether you stay up reading 
all night or start a stockpile of reading material 
for the analog television blackout in February 
(Doc Searls talks about that this month as well), 
this issue is bound to be a keeper.= 


Shawn Powers is the Associate Editor for Linux Journal. He's also the Gadget 
Guy for LinuxJournal.com, and he has an interesting collection of vintage 
Garfield coffee mugs. Don’t let his silly hairdo fool you, he’s a pretty ordinary 
guy and can be reached via e-mail at shawn@linuxjournal.com. Or, swing 
by the #linuxjournal IRC channel on Freenode.net. 
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Netbooks 

Longtime subscriber here (from probably 
back in the late 90s or so). I’ve spent 
time in various engineering, IT and sup- 
port positions during, before and after 
college to end up where | am now, and 
along the way, I've continually found 
my ideal notebook shrinking further and 
further, and my tolerance of bootup 
times shrinking proportionately. 


This finally came to a head in 2004, 
when your hardware reviewer test- 
drove the Sharp Actius MM10, 
arguably the pinnacle of all ultramobile 
notebooks that came before. | was 
convinced and bought one from the 
same folks that supplied yours (in 
fact, | bought the actua/ review unit 
your reviewer used). | immediately fell 
in love with it for various reasons, 
and it followed me across the country 
several times, from Alaska to Florida, 
from the US to India and back. | 
became hooked to its light useful- 
ness, and the 7.5-8 hours on the 
9-cell battery. | patched my kernel 
with laptop mode, tweaked my jour- 
nal commit times, and learned to love 
Xfce and later Fluxbox. | could power 
and boot fully in less than 30 seconds 
(though | later added some nice con- 
venient things that lengthened it, but 
it still was less than one minute). | 


got used to its weird little keyboard 
and learned how rarely | actually use 
an optical drive. | turned in lessons, 
then later administered remote 
servers, and yet later wrote code in 
vim via a VPN connection over wire- 
less to the office from outdoors, air- 
ports and friends’ houses (truly—how 
boring a guest am I?). 


This was all fantastic and magical until 
its motherboard decided to stop playing 
nice with IDE devices sometime in late 
2006. Nothing else on the market came 
close. There was no direct replacement. 
Well, some came close, but their 12" 
screens wouldn't fit the accessories I'd 
accumulated over time, or their low- 
power modes wouldn't yield the same 
battery life with their high-capacity bat- 
teries, or not all of their hardware had 
kernel support, or they cost way too 
much. | felt utterly abandoned by the 
industry, which seemed to assume that 
folks with my needs are obviously in the 
market for an overpriced tablet PC, 
essentially the only machines attempting 
to meet the MM10's form factor and 
feature set. 


Then, sometime last year, something 
interesting, amazing and incredible 
happened. For completely tangential 
reasons, the industry saw fit to meet 
this exact market and form factor, 
and then one-up me by competing 
on price as well! Since then, I’ve tried 
to follow this mini-notebook trend, 
largely publicized via OLPC’s XO, then 
later ASUS’s Eee PC 700. And, the 
movement got a name—the netbook. 
I'm not sure I'm sold on this name, 
but it is certainly adequate, and at 
least | can tell the world that what 
I've been looking for has a name. 


One great thing is these netbooks rec- 
ognized that your typical desktop distri- 
bution (further, no operating system 
available) didn’t really cater to a highly 
mobile audience and heavily customized 
them to address this issue. Hence, full 
GNU/Linux support is a foregone issue. 
Astounding! So, | have hope, and I'm in 
the market for an MM10 replacement 
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now. It shouldn't be too hard, because 
most of the new models out-sport com- 
parable specs in most areas and exceed 
in others (I'll take your 15G hard drive, 
and double it as an SSD, no less). 


What about the HP 2133 Mini-Note 
KX872AA? How about the MSI Wind? 
Any implementations of the new VIA 
OpenBook reference implementation? 
The new Eee PC 900? The brand-new 
mystery Dell netbook that everyone's 
salivating over now? There are others | 
know nothing about, I’m sure. How 
about a netbook showdown? 


Sunit Das 


showdate 

Joshua's response to my showdate 
tech tip is indeed very helpful [see 
Letters in the March 2008 issue of LJ]. 
Frankly, | was not aware of the versatility 
of GNU's date program. | wrote show- 
date a long time ago and have used it 
for doing all sorts of date arithmetic, 
and | thought it would be nice to share 
it with others. showdate, however, is 
not broken or quirky, and if someone 
does find a bug in it, please contact me 
at ssahore@yahoo.com. It certainly has 
room for improvement—for example, 
the ability to change its datum or use 
string-valued symbols, such as now, 
before, after, ago and so forth. 


Sandeep 


Alternate Image Resizing 
Script 

| would like to suggest an alternative 
solution for the image resizing script 
presented by Dave Taylor in his Work 
the Shell column in the June 2008 issue 
of LU. 


The basic script on page 29 contains 
nine calls to system utilities. That means 
every loop cycle will start nine separate 
processes. This is the price for the string 
splitting and the floating-point arith- 
metic used, which can be completely 
avoided by two simple tricks. What 
remains is a solution with one call to 
file. This will save about 70% runtime 


when used in a loop running more than 
100 arbitrary image files: 


declare -i multiplier=75 # in percent (integer) 
filename="edit.png" 


string=( $(file "$filename") ) # make an array from output 
width=${string[4]} # select width 
height=${string[6]} # select height 


height=${height/,/} # remove trailing comma 


let width=($width*$multiplier)/100 # new width 
let height=($height*$multiplier)/100 # new height 


echo "$filename scaled: width=$width height=$height" 


Fritz Mehner 


Indy Tux 
Thought this image might give you a 
laugh if you haven't already seen it. 


Courtesy of SEO (www.seoclinic.co.uk). 


Mike Wax 


Sed Is Your Friend 

Everything shown in Dave Taylor's July 
2008 Work the Shell column using 
combinations of sed/grep/cut/etc can 
be drastically simplified, not to mention 
lighten the load on the system. 


To grab the initial top list of films: 


curl -s http://www.imdb.com/chart/top | \ 

sed -e 's/>/>\ 

/g' | \ 

sed -n -e 's/.*\(\/title\/tt.*\/\).*/http:\/\/www. imdb.com\1/pg' > 


top250. txt 


To fetch the titles: 


curl.-5. "$2" | \ 
sed -n -e '/<title>/s/<title>\(.*\) (\([0-9] [0-9] [0-9] [0-9]\)).*/\1 | 


\2/p' 


And, finally, please—cat'ing a file into a 
pipeline that then uses head to peel off 
a subset of lines? 


for name in $(head -10 top250.txt) 
do 

sh ./getfileinfo.sh ${name} 
done 


Randy Medd 


Dave Taylor replies: Thanks for your 
note and reminder of the power of 
sed. It’s tricky. | try to find a balance 


(LETTERS 


between having incredibly obfuscated 
but powerful invocations of individual 
commands and having an evolving 
sequence of commands in pipes that 
mimic how most people develop shell 
scripts. Sometimes it produces utilities 
that are less than maximally efficient, 
but really, if it’s run once a week, do 
535.4 milliseconds really matter? 


DTV Help 

Thanks to Alolita Sharma for her 
article on DTV in the July 2008 issue 
of Linux Journal. 


A couple years ago, my wife and | pur- 
chased a Hauppauge DVR-950 for use 
with our HP laptop. At the time, we 

wanted to find out what was available 
in HD via the local over-the-air stations 


‘Prices on 


ya servers 
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before committing to the purchase of 
an HDTV receiver. We continue to use 
the 950 occasionally to record and 
play back programs. 


| have been dual-booting the laptop 
since the release of Dapper Drake 
and have found increasingly little use 
for Windows with the exception of 
running the 950. Thanks to your 
article, | believe the day is close at 
hand when | will be able to eliminate 
Windows entirely. 


| picked up my copy of LJ last 
Thursday and read your article over 
the weekend. On Monday, | started 
working on the project, and by 


Monday afternoon | had MythTV 
up and running. At first, | had a 
problem with accessing the MySQL 
server, but after running the con- 
figuration utilities and resetting the 
password, | was able to get into 
the back end set up. After making 
a few educated guesses on the 
front end setup, | was able to get 
MythTV to scan for and find the 
active broadcast channels, and 
now have it working just fine for 
watching and recording DTV. | still 
need to refine the setup just a 

bit but | don’t think that will be 
difficult at all. 


William Parmley 


PHOTO OF THE MONTH 


Tux Cupcakes 


send you a free T-shirt. 


Have a photo you'd like to share with L/ readers? Send your submission 
to publisher@linuxjournal.com. If we run yours in the magazine, we'll 


Did you know Linux Journal maintains a mailing list where list members discuss all things 
Linux? Join LJ’s linux-list today: http://lists2.linuxjournal.com/mailman/listinfo/linux-list. 
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the latest version of the Linux kernel, 
this new edition gives you the basics 


of building embedded Linux systems, learn how Python can provide a no matter what platform you use. 
along with the configuration, setup, more efficient way to handle them. Master developer Neal Ford details 
and use of more than 40 different Once you finish this book, you'll be ten valuable practices that will help 
open source and free software able to develop your own set of you elude common traps, improve 
packages commonly used. command-line utilities with Python your code, and become more valuable 


to tackle a wide range of problems. to your team. 


Taking you through the process from building better basic systems, to solving problems more efficiently, 
to doing it all faster and better, these books will enhance the way you use technology. Buy 2 books, get 
the 3rd FREE! Use discount code OPC10. All orders over $29.95 qualify for free shipping within the US. 


O’REILLY 


Spreading the knowledge of innovators oreilly.com 


©2007 O'Reilly Media, Inc. O'Reilly logo is a registered trademark of O'Reilly Media, Inc. 
All other trademarks are the property of their respective owners. 80544 


UP 


There's an interest- 
ing new project, the 
Kernel Library 


e 
diff -u 
WHAT'S NEW Project, that aims 
IN KERNEL to port the Linux OS 
DEVELOPMENT (features, such as the 

Virtual Filesystem, 
into a generic library that would work 
on any other operating system. 
Octavian Purdila, Stefania Costache 
and Lucian Adrian Grijincu have been 
working on this, and it could make it 
a lot easier to run Linux software any- 
where else a user might want to run 
it. If you find this interesting, they're 
looking for volunteers to help out. 

Mark Lord, Tejun Heo and a vari- 
ety of others have been keeping Serial 
ATA good and solid. At the moment, 
they are focusing on fixing, or at least 
working around, all stability issues. In 
some cases, they've been making very 
small speed sacrifices in order to make 
sure that certain rare problems don’t 
come up at all. At some point, they 
plan to revamp some of the code, in 
order to solve the problems and 
improve speed, but that will require 
more invasive changes. For the 
moment, they simply want to make 
sure that absolutely nothing can go 
wrong for users. Kudos to them for 
keeping up that discipline. As everyone 
knows, it’s much more fun to throw 
caution to the wind and just build lots 
of new features. 

Believe it or not, there still are plenty 
of people using 2.4 in the world. I’m 
sure they all wish they could upgrade to 
2.6, and the kernel developers wish that 
too, but undoubtedly, there are reasons 
why their entire corporate infrastructure 
and all their products would break if 
they upgraded to 2.6. And for those 
users, Willy Tarreau has just come 
out with 2.4.36.4, which includes a 
small number of key security fixes. 
Willy encourages all 2.4 users to 
upgrade to 2.4. 

David Woodhouse and Paul 
Gortmaker now are officially in charge 
of embedded systems. The idea of 
having a maintainer for a general kernel 
concept like embedded systems is fairly 
new, and it creates some ambiguity for 
people submitting patches. Do they 


submit patches to the maintainer of 
the specific hardware driver or to the 
embedded system maintainers? In 
practice, it’s likely that this won't be a 
real concern, and folks will get used 
to cc-ing whomever they should on 
their e-mail messages. 

Another potential problem with 
having an overarching embedded sys- 
tem maintainer is that such a person 
might become hypnotized by the idea 
of reducing size at any cost, as Andi 
Kleen has pointed out. But, David has 
reassured him and everyone else, that 
size reduction is only one part of sup- 
porting embedded devices, and that the 
new maintainers plan to keep a broad 
outlook, making sure their changes are 
good for everyone (or at least not 
harmful to larger systems or to the 
kernel sources themselves). 

One of David and Paul’s main hopes, 
and Andrew Morton's as well as the 
whole thing was his idea to begin with, 
is that companies designing embedded 
devices will work with David and Paul 
to create a better dialogue between 
that class of companies and the 
kernel developers. 

Adrian Bunk has submitted a 
patch to remove the final PCI OSS 
driver from the kernel. The Trident 
4DWave/SIS 7018 PCI Audio Core 
has been on Adrian's hit list for a very 
long time, but Muli Ben-Yehuda 
always has resisted. Now that Muli 
has moved on to other projects, and 
an ALSA driver exists that works for 
the exact same hardware, Adrian’s 
patience has paid off. OSS finally is 
fully out of the kernel. 

UBIFS seems to be on a relatively 
fast track into the main kernel tree. The 
new Flash filesystem is likely to go into 
Linux-Next for a while, and from there, 
it should feed relatively automatically 
into Linus Torvalds’ tree at the next 
merge window. Artem Bityutskiy 
set the wheels in motion with a for- 
mal request to Stephen Rothwell. 
Christoph Hellwig had a lot of feed- 
back on the code for Artem, and it 
came out that NFS would be very 
difficult for UBIFS to support without 
significant code revisions. Artem was 
surprised to learn about that, and 
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admitted that yes, probably the initial 
version of UBIFS in Linus’ tree would 
not support NFS. This doesn’t seem to 
bother anyone, and in any case, Artem 
already is working on some ideas to fix 
the problems around NFS support. It 
does seem as though UBIFS will soon be 
part of the official kernel releases. 

Recently, there was a fairly signifi- 
cant effort to eliminate the BKL (Big 
Kernel Lock) by replacing it with 
semaphores. This is an excellent goal, 
with all kinds of speed implications for 
regular users, but unfortunately, the 
particular implementation had some 
speed problems of its own that led 
Linus Torvalds eventually to undo the 
change entirely. This fairly severe step 
was prompted partly by the speed 
issues of the semaphore solution and 
partly by the sense that there must be 
a better solution out there. 

Everyone, including Linus, wants to 
get rid of the BKL. But, doing this is 
very hard. The BKL has various qualities 
that are difficult to implement in any of 
the available alternative locking meth- 
ods, and it also has some subtleties that 
make it hard to determine whether a 
given alternate implementation is doing 
the right thing or not. 

Ingo Molnar, therefore, has decid- 
ed to cut through the morass, with a 
partial solution that will make the full 
solution much more manageable. He 
plans first of all to extract all the BKL 
code out of the core kernel and into 
an isolated part of the source tree, 
where it can one day be replaced 
entirely, without requiring any subtle 
changes to core code. Eventually, he 
hopes to push each occurrence of the 
BKL into the relevant subsystem code, 
where it could be replaced with cleaner 
subsystem locks, which in turn could 
be eliminated in a more normal and 
familiar way. 

With Ingo on the job, and Linus 
taking an active part, a lot of other 
big-time hackers have piled on, and 
there is no doubt that very significant 
locking changes are in store for the 
kernel. What does this mean for regular 
users? Probably a snappier, speedier 
kernel in the relatively near future. 

—ZACK BROWN 


LJ Index, 
September 2008 


1. Number of directories in kernel 2.26: 1,417 
2. Number of files in kernel 2.26: 23,810 

3. Number of lines in kernel 2.26: 9,257,383 
4. Number of directories in gcc 4.4: 3,563 

5. Number of files in gcc 4.4: 58,264 

6. Number of lines in gcc 4.4: 10,187,740 

7. Number of directories in KDE 4.0: 7,515 

8. Number of files in KDE 4.0: 100,688 

9. Number of lines in KDE 4.0: 25,325,252 
10. Number of directories in GNOME 2.23: 573 
11. Number of files in GNOME 2.23: 8,278 


12. Number of lines in GNOME 2.23: 4,780,168 


13. Number of directories in X Window System 
7.3: 1,023 


14. Number of files in X Window System 
7.3: 14,976 


15. Number of lines in X Window System 
7.3: 21,674,310 


16. Number of directories in Eclipse 3.4: 
297,500 


17. Number of files in Eclipse 3.4: 912,309 


18. Number of lines in Eclipse 3.4: 94,187,895 


19. Number of dollars in the US National 
Debt: 9,388,297,685,583 


20. Dollars earned per line by open-source 
developers if the US Debt had been used 
to fund these projects: 56,756 


1-18: we -1 
19: www. brillig.com/debt_clock 
20: math 
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Adios Windows 9x 


The upcoming release of Cygwin 
version 1.7 will be dropping support 
for Windows 9x (Windows 95, 
Windows 98 and Windows Me). If 
you're lucky enough never to have 
to use Windows, Cygwin probably 
seems like a waste of effort. But, if 
you're not so lucky, Cygwin is what 
keeps you sane. 

Cygwin is a Linux-like environ- 
ment that runs on Windows. It 
provides you with a command-line 
environment with most of the tools 
you've come to know and love 
using Linux. It even provides a 
number of Linux daemons that can 
run as Windows’ services, most 
notably an SSH damon. 

There also is a port of the X 
Window System called Cygwin/X, but 
it appears to have been without a 
maintainer for a few years. Given 
that most of the major open-source 
GUI toolkits now support Windows, 


lack of the X Window System may 
not be a huge stumbling block. 

Cygwin was started in 1995 by 
Steve Chamberlain, an engineer 
working for Cygnus (later absorbed 
by Red Hat). The earliest mailing list 
references on the Web are in early 
1997, by which time it appears to 
have been in a functional state. 

If you understand programming 
on Windows and on Linux, and you 
need some mental exercise, try to 
figure how you'd implement fork() 
on Windows. If you want to cheat, 
check out cygwin/fork.cc in the 
Cygwin CVS. 

We can all imagine a better world, 
one where our favorite operating 
system is ubiquitous, but imagine a 
world without Cygwin. If you have 
to use Windows now and then, that 
would be a scary world indeed. 

Get it at cygwin.com. 

—MITCH FRAZIER 


New LinuxJournal.com Mobile 


We are all very excited to let you 
know that LinuxJournal.com is 
now optimized for mobile view- 
ing. You can enjoy all of our 
news, blogs and articles from 
anywhere you can find a data 
connection on your phone or 
mobile device. 

We know you find it diffi- 
cult to be separated from your 
Linux Journal, so now you can 
take LinuxJournal.com every- 
where. Need to read that 
latest shell script trick right 
now? You got it. 

Go to m.linuxjournal.com 
to enjoy this new experience, 
and be sure to let us know how 
it works for you. 


—KATHERINE DRUCKMAN 
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Eclipse Ganymede 


The latest version of Eclipse, version 
3.4, aka Ganymede, should be avail- 
able by the time you read this. If 
you've never looked at Eclipse and 
you work with multiple programming 
languages or multiple platforms, take 
some time to try Eclipse. 

Be prepared. Eclipse is a large, 
complex tool, and you won't grok 
it if you invest only 15 minutes. In 
addition to being large and complex, 
Eclipse’s roots are at IBM, and it’s 
big in the Java world, so there’s a 
bit of “Blue-Speak” and “Enterprise- 
Speak” to deal with at times (and, 
of course, XML). 

Most IDEs come with built-in 
“support” for lots of programming 
languages. Although for a lot of 
them, support means it colorizes 
your code. Eclipse is a bit different. 
It doesn’t come with built-in support 
for many languages, or any, 
depending on the version you 
download. Support is provided via 
Eclipse Plugins. And normally, 
“support” means more than just 
colorizing your code. You usually get 
something that understands your 
language. It can show you an out- 
line of the functions and data in 
your code; it can help you refactor 


code; it can show where something 
is defined, and it integrates with the 
language's debugger. 

Eclipse is not without its annoy- 
ances. Perhaps the most annoying is 
that it's only an IDE and not a text 
editor. Of course it edits text, but it’s 
not a general-purpose text editor. If 
you want to open a file that’s not 
part of a project, it’s a bit cumber- 
some. There's no filesystem browser, 
and the open dialog doesn’t remem- 
ber the directory that you used last 
time. And, if you don’t have a plugin 
for the file type you open, you don’t 
get any code colorizing. So, you 
often end up using Eclipse for your 
“projects” but then using another 
text editor to look at files that aren‘t 
part of your project. 

If you develop only C++ applica- 
tions for KDE on Linux, or only XXX 
applications for YYY on ZZZ, there 
might be a better IDE than Eclipse. 
However, if you use multiple lan- 
guages and/or multiple systems, and 
you want to use only a single IDE, 
there’s no better IDE than Eclipse. 
And, even if you use only one 
language on one system, Eclipse 
sets the bar pretty high. 

—MITCH FRAZIER 


They Said It 


Not everything worth doing is worth 
doing well. 

—Tom West, from The Soul of a New Machine by 
Tracy Kidder, 1981 


Technology has the shelf life of a banana. 
—Scott McNealy 


Never trust a computer you can’t throw 
out a window. 
—Steve Wozniak 


Computers are useless. They can only 
give you answers. 
—Pablo Picasso 


In the long run, paying for Wi-Fi in your 
hotel will be like paying to use the toilet 
or the heater. You won't. Meanwhile, 

it would be nice if it were easy, cheap, 
good, or at least two out of those three. 
—Doc Searls, blogs.law.harvard.edu/doc/2008/06/01/ 
theres-gotta-be-a-better-way 


First, it [Microsoft] “embraces” the won- 
derfulness of open source; then it 
“extends” open source through deals 
like the one it signed with Novell, effec- 
tively adding software patents to the 
free software mix; and then, one day, it 
“extinguishes” it by changing the terms 
of the licences it grants. 

—Glyn Moody on Microsoft's old embrace, extend and 
extinguish cha-cha, www.linuxjournal.com/ 
content/should-we-boycott-microsoft-can-we 


Like the Presidential campaign, it’s not 
who is most experienced or most viral or 
any of that. Rather, it’s who's left after 
the least are gone. All the religious 
arguments—closed versus open in partic- 
ular—are left in the dust by our desire 
to live as much in the future as we can. 
—Steve Gillmor on the iPhone, gesturelab.com/?p=111 


How much marketing fakery do you will- 
ingly accept, and how much do you want 
to know about? Does the vegetarian really 
want to know that they didn’t wash the 
pot at the restaurant and a few molecules 
of chicken broth are in that soup? 

—Seth Godin, sethgodin.typepad.com/seths_blog/2008/ 
06/authenticity-an.html 


USER FRIENDLY by J.D. “Iiliad™ Frazer 


WOW/ HAVE YOU 
SEEN THIS? IT'S 
THE INTERACTIVE 


COPYAIGNTIE;2008 J.D. “Iliad” Frazer MTTP://WWW.USERFRIENDLY.ORG/ 


HUNH. WAS THINKINK IT 
WAS FUNCTION MAP FOR 
BORG COLLECTIVE. 


DO YOU SEE A 


‘DEUS EX MACHINA’ 
FUNCTION? NO! 
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As long as you have one person to talk 
to, you have a community. And | think 
way too many people are looking at 
how many Twitter followers they have, 
or how many RSS people they're having 
following them and that’s a mistake. 
You need to embrace your community 
no matter how big or small—I mean, 
everyone started off real small. 

—Gary Vaynerchuk, garyvaynerchuk.com/2008/06/05/ 
when-do-you-know-you-have-a-community 
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Linux on the Desktop? Who Cares? 


Every so often, you read on Slashdot, 
Digg or some other techie news site 
that Linux is finally ready for the desk- 
top. It’s finally to the point that any end 
user could sit down at a computer and 
happily compute away. The applications 
are sufficiently sanitized and Windows- 
like that even the average Joe can use 
them. | think, however, that it’s fair 
to say most of our previous concep- 
tions of “ready for the desktop” are 
moot points. 

The only folks who are still up in 
arms over whether Linux ever will be 
ready are the same folks who have 
been talking about it for years. New 
users really don’t care. | don’t say that 
arbitrarily; | say that because | work in a 
school, and | see the current generation 
of computer users. They don’t care 
if they use a Mac, a PC or a Linux 
machine. Most don’t even notice the 


difference. In an unofficial, random 
sampling of college and high-school 
students, here’s what they need from 
a computer: 


Firefox (really, by name—cool, eh?). 


A way to play music (iTunes often is 
mentioned, but not insisted upon). 


Microsoft Office. 


And, that’s it. The last point 
bummed me out a bit, so | asked more 
probing questions. It turns out that 
Microsoft Office has become the com- 
mon name for an office suite—much 
like Kleenex became the name for facial 
tissue. For almost everyone | asked, 
OpenOffice.org or even Google Docs 
(in a pinch) is the same thing. In fact, 
some weren't really sure why I'd ask 


such a thing, because “aren't they all 
the same?” 

Some people want a specific type 
of computer for tasks like video pro- 
duction or gaming, but they aren’t 
the overwhelming majority anymore. 
Everyone wants or needs a computer 
now, and the general population doesn’t 
seem to care much about what oper- 
ating system it's running. 

My suspicion is that Web 2.0 and 
mobile (smartphone) technology is 
doing more to help Linux than anything 
else in history. It's not because Linux 
is better at such things; it’s because 
the world is moving to the Web. The 
vehicle to get there is becoming less 
and less important. 

The good news is that now Linux 
finally can take over the world, and 
most people won't even notice! 

—SHAWN POWERS 


Expert inc 


luded. 


Dan is a product manager for Silicon Mechanics, which means that he’s always on the lookout for the next 
magical combination of features that will meet your needs. What is Dan's latest find? The new Rackform 
nServ A259, now available on the Silicon Mechanics website. 
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What They’re Using 
Christian Einfeldt, Producer, the Digital Tipping Point 


| have six basic different uses for free, 
open-source software: 1) my law office 
practice; 2) managing and editing video for 
the Digital Tipping Point Project; 3) running 
a 25-seat Edubuntu lab at a public middle 
school as a volunteer in San Francisco; 4) 
placing ACCRC.org Linux computers in 
classrooms; 5) giving out ACCRC.org 
Ubuntu computers to friends, neighbors 
and the children who attend that school; 
and 6) supporting San Francisco’s Tech 
Connect program by demonstrating 
Linux boxes at events for nonprofits and 
low-income individuals. 

For my law practice, | use whatever 
cast-off computer | happen to have 
available at the moment from the other 
computers that | give out to students, 
friends or family. | generally can find a P4 


computer with about 512MB of RAM, and 
| just copy my data from one machine to 
an external hard drive and then back onto 
the new machine. It really varies depend- 
ing on the needs of the students, friends 
and neighbors | am helping. It’s all part of 
a constant flow of equipment through my 
office. For a while, | was using OpenSUSE, 
but | switched to plain-old, brown 
GNOME Ubuntu, simply because most 
of the sysadmins who help me prefer 
plain-old brown. 

For the Digital Tipping Point video 
project, | am using three machines. They 
all have the same “last name”, so to 
speak, as they are all members of the 
“Beast” family. The least muscular is 
the Server Beast (sb), with two single- 
core AMD processors at about 1GHz 
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ls Kelle, 2 
The boxes to my left are the thin 
clients. If you look just over my 
right ear, you will see a silvery 
small computer between two 
black monitors. That’s the 
computer on which | captured this 
photograph (Gutsy Ubuntu running 
on the ZaReason media box). 


each, running on a Tyan 2460 mother- 
board and 750GB of storage on two 
internal hard drives (built by San Francisco 
Linux consultant Holden Aust). This 
machine has an added card with both USB 
2.0 and IEEE 1394 ports. It’s called the 
Server Beast because it was formerly a 
server owned by a law firm. | use it either 
for capturing video from my Sony tape 
deck, compressing the video, uploading the 
video to the Internet Archive's Digital Tipping 
Point Video Collection (www.archive.org/ 
details/digitaltippingpoint) or for 
doing rough video editing with Kino, 
such as the 4:57 minute proof-of-concept 
video for the Digital Tipping Point 
Project (www.archive.org/details/ 
proof_of_concept_four_mins.mpg). 
Next up in the Beast family is the 


Render Beast (rb, also built by Holden 
Aust). It has a Gibabyte-brand 
GA-MA69GM-S2H motherboard with an 
Athalon AMD 64 4200+ chip and 4GB of 
RAM. This machine so far has been used 
mostly for the same basic thing as the 
Server Beast, but it's much faster. It also 
has 1.5TB of internal HD storage. 

Finally, the newest addition to the 
family is the TeraByte Beast (tbb, built by 
San Francisco Bay Area Linux consultant 
Daniel Gimpelevich and Holden Aust), 
with a Gibabyte-brand GA-MA790FX-DS5 
motherboard with an Athlon AMD 64 
4200+ chip and 4GB of RAM. This 
machine's claim to fame (at least at 
Beast family gatherings) is that it has 
16 one-terabyte drives, for a total of 
16TB. It's primarily used for storing 
video, although it occasionally is 
pressed into service to do the same 
things as its Beast brothers. 

The public middle school’s Edubuntu 
lab has three machines running various 
flavors of Ubuntu (built by ZaReason, 
Inc., a Berkeley-based computer retailer 
that sells only Linux-powered comput- 
ers). There are two video-ready 
machines, each with an Intel Core 2 
Duo E6300 and 2GB of RAM. Each 
machine also has a 500GB SATA drive. 
These are used by the students for 
watching video and listening to music, 
as well as practicing photo editing in 
The GIMP. The teachers have not yet 
put together a video-editing course, 
as they still are learning how to use 
video editing under Cinelerra and 
Kino. Let's keep our fingers crossed 
for next year. 

ZaReason also built the Edubuntu 
thin-client server, which is a Pentium D 
940 with 2GB of RAM and a 320GB 
hard drive. That machine supports 23 
thin clients and is used by the students 
every day except Friday for on-line 
research and composing essays and 
sending them to their teachers via 
e-mail. The students also are taught to 
do presentations, which they deliver in 
front of their science and social studies 
classes. For their essays and presenta- 
tions, they use Google Docs, which 
now has a presentation element 
(OpenOffice.org was choking the serv- 
er). As a nice little bonus, Microsoft 
paid for all of the ZaReason boxes—a 
result of California's antitrust settlement 
(linux.slashdot.org/article.pl?sid=07/ 
10/11/1446254). 


With the help of Andrew Fife and 
Tom Belote of Untangle.com (a net- 
working security company) and Linux 
expert Drew Hess, we will be turning 
the Edubuntu thin-client lab into an 
Edubuntu hybrid client network running 
the programs locally but serving up the 
files from the Zareason.com server. The 
thin clients were choking the server 
when audio or video was attempted, so 
we are shifting some of the work to the 
clients next year. 

James Burgett, who runs the 
Alameda County Computer Resource 
Center (ACCRC.org) has been a really 
generous donor of equipment for the 
public middle school | am supporting 
with free, open-source software. James 
gave the school an initial donation of 
30 HP P4 Ubuntu machines with 256MB 
of RAM. Some of those boxes were 
given to students, and some were used 
in the Edubuntu lab. Other boxes were 
placed in classrooms, where the stu- 
dents use the machines for the same 
purposes in the lab. 

James Burgett (also of Untangle.com) 
and Andrew Fife organized a massive 
installfest (Iwn.net/Articles/273770) at 
the school and four other locations in the 
San Francisco Bay Area (untangle.com/ 
index.php?option=com_content&task= 
view&id=393&ltemid=139) on March 1, 
2008. That installfest allowed me to give 
neighbors and friends some of the machines 
| had scrounged for the school, by 
replacing those machines with newer 
machines from the ACCRC.org - Untangle 
installfest. Also, many of the new 
machines were given out to students, 
many of whom have no computers at 
home. ACCRC.org and Untangle.com 
are planning another massive installfest 
(untangle.com/index.php?option= 
com_content&task=view&id=351&ltemid 
=139) for LinuxWorld Expo in August 
2008 in San Francisco. 

Finally, the St. Anthony Foundation of 
San Francisco has loaned me seven Dell GX 
150 machines with 256MB of RAM, which 
| use to support Kari Gray in her work with 
the City and County of San Francisco's Tech 
Connect Project to introduce low-income 
people to technology. A video of an 
event at St. Anthony’s Foundation in 
San Francisco's skid row is available at 
(news.cnet.com/Tenderloin-Tech-Day/ 
1606-2_3-6223419.html?part=rss&tag= 
2547-1_3-0-20&subj=news). 

—CHRISTIAN EINFELDT 
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New Top-Level 
Domains on 
the Way 


In late June 2008, ICANN accepted a 
proposal to relax restrictions on the 
top-level domain namespace and, in 
the process, opened up the possibility 
for thousands of new domains. 

Currently, there are only 21 top-level 
domains, such as .com, .org or .info, 
and around 240 active country-code 
domains, such as .us, .de and .uk. 
The proposed plan would allow any 
organization or person to apply for a 
customized top-level domain. 

For example, New York City could 
operate the .nyc domain for addresses, 
such as brooklyn.nyc, penn-station.nyc 
or www.central-park.nyc. “It's a massive 
increase in the ‘real estate’ of the 
Internet”, said Dr Paul Twomey, 
President and CEO of ICANN. The .com 
registry is by far the most crowded at 
this point, with 71 million registered 
domains. For comparison, the second 
(.de) and third (.net) most popular 
registries have only 11.2 million and 
10.6 million domains, respectively. 

Before you rush to register your 
new top-level domain, you may want to 
check your bank account first. ICANN 
is expected to charge a minimum of 
$100,000 for the right to operate your 
own top-level domain, provided you 
qualify. Applicants must prove that they 
have a “business plan and technical 
capacity”. There is hope that this mea- 
sure will help keep domain squatters 
out of the top-level namespace. 

ICANN also has a process in place to 
deal with controversial submissions, as 
stated on icann.org: “Offensive names 
will be subject to an objection-based 
process based on public morality and 
order. This process will be conducted 
by an international arbitration body 
utilizing criteria drawing on provisions 
in a number of international treaties. 
ICANN will not be the decision maker 
on these objections.” 

Applications for new names will be 
available in the second quarter of 2009. 

Yes, it is true, ICANN HAZ 
MORE DOMAINS. 

—CORY WRIGHT 
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SF atierorce 


REUVEN M. LERNER 


Shoehorning Data 
into a Database 


Databases make the world go round, but sometimes fitting a round data peg 
into a square database hole is less than ideal. What’s a programmer to do? 


Relational databases are really great for storing 
and retrieving data, but sometimes, they aren't quite 
up to the task. Joe Celko, whose SQL for Smarties 
books are among my favorites, dedicated an entire 
volume to the issue of trees and hierarchies. These 
data structures might be common and useful in 
most programming languages, but they can be diffi- 
cult to model as tables, particularly if you care about 
efficient use of the database. Things become even 
trickier if you're dealing with a number of related, 
but distinct, types of entities, such as different types 
of employees or different types of vehicles. 

One way to solve this problem is not to use 
relational databases. Objects can be quite good at 
handling trees and arrays, as well as inheritance hierar- 
chies. Furthermore, object databases do exist, and the 
Python-based Zope application framework has demon- 
strated that it’s even possible to have object databases 
in production. Gemstone’s demonstration of Ruby run- 
ning on top of its Smalltalk VM, with its accompanying 
object database, means that Ruby programmers soon 
might have access to similar technology. 

But, object databases still are far from the 
mainstream. Most Web developers have access to 
a relational database, and not much else. Is there 
anything that we can do for these people? 

This month, we take a look at two different ways 
we can handle data that doesn’t quite fit into a rela- 
tional database. These techniques are quite different 
from one another, and they don’t even come close to 
the full range of possibilities you can get with a rela- 
tional database. But, they both work and are used in 
production environments—and if your data doesn’t 
seem to fit into standard database paradigms, you 
might want to consider one of them. 


PostgreSQL's Table Inheritance 
Some data-modeling issues are typically even harder 
to deal with. For example, a classic introduction to 
the world of object-oriented programming describes 
a human resources department. The HR department 
tracks employees, all of whom have some common 
characteristics. But, some employees are programmers, 
some are secretaries, and some are managers—and 
each of the employee types has specific data that 
needs to be associated with them. 

In an object-oriented world, it’s easy to model this. 
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You create an employee class, and then create multiple 
subclasses of programmer, secretary and manager. 
Subclassing creates an “is-a” relationship, such that a 
programmer is an employee. This means that program- 
mers have all the attributes of an employee, but also 
have some additional characteristics that distinguish 
them from an ordinary employee. With these subclasses 
in place, we then can create an array (or any other data 
structure) of people in our company, knowing that 
although some are programmers and others are secre- 
taries, they're all employees and can be treated as such. 

Translating this idea to the world of relational 
databases can be a bit tricky. One solution is to use 
inheritance in your database tables. PostgreSQL 
has done this for years; thus, it’s called an object- 
relational database by many users. You can do the 
following in PostgreSQL, for example: 


CREATE TABLE Employees ( 


id SERIAL, 
irst_name TEXT NOT NULL, 
ast_name TEXT NOT NULL, 
email_address TEXT NOT NULL, 
PRIMARY KEY(id), 
UNIQUE (email_address) 
iG 
CREATE TABLE Programmers ( 
main_language TEXT NOT NULL 
) INHERITS (Employees) ; 
CREATE TABLE Secretaries ( 
words_per_minute INTEGER NOT NULL 
) INHERITS (Employees) ; 


INSERT INTO Employees (first_name, last_name, email_address) 
VALUES ('George', 'Washington', 'georgie@whitehouse.gov'); 


INSERT INTO Programmers (first_name, last_name, 
email_address, main_language) 


VALUES (‘Linus', 'Torvalds', 'torvalds@osdl.org', 'C'); 


INSERT INTO Secretaries (first_name, last_name, 


email_address, words _per_minute) 


VALUES ('Condoleezza', 'Rice', ‘rice@state.gov', 10); 


If we ask for all employees in the system, we'll 
get all three of the people we have entered: 


atf=# select * from employees; 
id | first_name | last_name | email_address 
eee. eee ees Peewee Saas FA ee ae Pe Nee ae ee ace es 
1 | George | Washington | georgie@whitehouse. gov 


2 | Linus | Torvalds | torvalds@osdl.org 


3 | Condoleezza | Rice | rice@state.gov 


(3 rows) 


Of course, this query shows only the columns of the 
Employees table, which are common to that table and 
to those that inherit from it. If we want to find out how 
many words per minute someone types, we must 
address that query specifically to the Secretaries table: 


atf=# select * from secretaries; 

id | first_name | last_name | email_address | words_per_minute 

en ee dasneeaaacee isasvecegeoree se ee er 
3 | Condoleezza| Rice | rice@state.gov | 10 


(1 row) 


Notice that the id column for all three tables, 


which was defined as SERIAL (that is, a nonrepeating 
incrementing integer), is unique across all three tables. 


Polymorphic Associations 

The way that PostgreSQL has integrated this type of 
object hierarchy into its relational system is impressive, 
flexible and useful. And yet, because it is unique to 
PostgreSQL, it means that no higher-level, database- 
agnostic application framework can support it. This 
especially is true in Ruby on Rails, which tries to treat 
all databases as similar or identical, going so far as to 
encourage programmers to use a Ruby-based domain- 
specific language (migrations) to create and modify 
database definitions. Using PostgreSQL inheritance 
features might work, but it will take a fair amount of 
twisting to make it compatible with Rails. 

Besides, Rails already has a feature, known as 
polymorphic associations, that lets us work with dis- 
tinct types of items as if they were part of a single 
class. This isn’t the same as an object hierarchy—we 
can’t say that secretaries and programmers are both 
types of employees. But, we can say that secretaries 
and programmers are both employable and treat 
them as similar via that description. 
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To begin, you might remember that Rails has 
something known as associations, which allow us to 
connect one model to another. For example, let's 
say that each company has one or more employees. 
Thus, we can create some simple models. We can 
generate migrations with: 


./script/generate model company name:string 
./script/generate model employee first_name:string 


last_name:string email_address:string company_id: integer 


Then, we can turn the automatically generated 
migration files into actual database tables with 
the following: 


rake db:migrate 


Now, we can indicate that each company can have 
one or more employees by modifying the model files. 
For example, we add the following to employee.rb: 


class Company < ActiveRecord: :Base 
has_many :employees 
end 


Similarly, we can say: 


class Employee < ActiveRecord: :Base 
belongs_to :company 
end 


With has_many and belongs_to in place, we 
now have created an “association” between these 
two models. This might not seem too exciting, but it 
means we can treat the two tables as object classes 
and each row in the table as an instance: 


xyz = Company.create(:name => 'XYZ Corporation') 
george = Employee.create(:first_name => 'George', 
:Last_name => ‘Washington’, 
:email_address => 'georgie@whitehouse.gov', 
:company_id => xyz.id) 
Now, we can say: 
p xyz.employees.first 
and we get back our george user. Similarly, we can say: 
p george.company 
and get back our xyz company. This is all standard 
stuff for Rails programmers, and it is part of the 
ActiveRecord feature known as associations. You 


can create all sorts of associations, giving them 
arbitrary names. For example, we could say: 
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class Company < ActiveRecord: :Base 
has_many :employees 
has_many :employees_with_a, :class_name => 'Employee', 
:conditions => "first_name ilike '%a%'" 
end 


With this in place, and after restarting the 
console (or typing reload!), we now can say: 


xyz = Company.find_by_name('XYZ Corporation') 
xyz.employees_with_a 


This prints the empty list—not surprising, given 
that we have defined only a single employee so far, 
and his name didn’t contain an a. But, now we can 
create a second employee: 


jane = Employee.create(:first_name => 'Jane', 
:last_name => 'Austin', 
:email_address => 'jane@bookauthor.com' 


:company_id => xyz.id) 
If we run our association again: 
xyz.employees_with_a 


now we get our jane employee. 

This is all well and good, but what happens if we 
want to represent different types of employees, each 
of whom is employed by a company, but with differ- 
ent associated data? This is where polymorphic asso- 
ciations become useful. In order for this to work, we 
need to change the definitions of our models, as well 
as the relationships among them (if you're playing 
along at home, blow away the existing Employee and 
Company models before continuing): 


./script/generate model company name:string 
./script/generate model contract employable_id: integer 
employable_type:string company_id: integer 
./script/generate model programmer main_language: string 
first_name:string last_name:string email_address:string 
./script/generate model secretary words _per_minute: integer 
first_name:string last_name:string email_address: string 


The above invocations of script/generate create 
four different models: one for a company, another for 
a programmer, another for a secretary and a fourth for 
a contract. Our PostgreSQL model allowed us to have 
a single Employee table and to have programmers and 
secretaries inherit from that table. Rails doesn’t let us 
specify that one model inherits from another. Rather, 
we use Rails to describe the relationships among the 
models. Companies are connected to programmers 
and secretaries via employment contracts. 

Because we are looking at the relationships 


among standalone models, rather than an inheri- 
tance hierarchy, there’s no obviously good place in 
which to stick attributes that are common to pro- 
grammers and secretaries. In the end, | decided to 
put the attributes in the programmer and secretary 
models, respectively, despite the repetition. 

Now, let's define the associations: 


class Company < ActiveRecord: :Base 
has_many :contracts 
end 


class Contract < ActiveRecord: :Base 

belongs_to :company 

belongs_to :employable, :polymorphic => true 
end 


class Programmer < ActiveRecord: :Base 
has_many :contracts, :as => :employable 
has_many :companies, :through => :contracts 
end 


class Secretary < ActiveRecord: :Base 


has_many :contracts, :as => :employable 
has_many :companies, :through => :contracts 
end 


In other words, each company has many con- 
tracts. Each contract joins together a company and 
someone who is employable. Who is employable? 
Right now, only programmers and secretaries fit the 
bill, connecting to the employable interface with 
contracts, and then to a company via a contract. 

Behind the scenes, Rails is pulling a nasty trick, 
one that should make any good database program- 
mer feel sick. The contract model includes two fields 
(employable_id and employable_type), which point to 
a single row in a particular table. In some ways, this is 
sort of a poor man’s foreign key. But the difference is 
that the foreign key can point to any of several tables. 
And, of course, there is no error checking; only the 
application can stop me from entering a random text 
string in the employable_type column. 

So, now we can create some relationships: 


xyz = Company.create(:name => 'XYZ Corporation’) 
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pl = Programmer.create(:first_name => ‘Linus’, 
:last_name => ‘Torvalds’, 
:email_address => 'torvalds@osdl.org', 


:main_language => 'C') 
Contract.create(:employable => pl, :company => xyz) 


sl = Secretary.create(:first_name => ‘Condoleezza’, 
:last_name => 'Rice', 
remail_address => 'rice@state.gov', 


:words_per_minute => 90) 
Contract.create(:employable => sl, :company => xyz) 


That's already pretty remarkable. Because both 
programmers and secretaries are employable (as 
they both expose the employable interface to the 
contracts model, using has_many :as), we can join 
each of them to an instance of the contract model. 

But, it gets better, if we add a few more 
associations: 


class Contract < ActiveRecord: :Base 
belongs_to :company 


belongs_to :employable, :polymorphic => true 


belongs_to :programmer, 

:class_name => 'Programmer', :foreign_key => ‘employable_id' 
belongs_to :secretary, 

:class_name => 'Secretary', :foreign_key => ‘employable_id' 


end 


class Company < ActiveRecord: :Base 


has_many :contracts 


has_many :programmers, : through => :contracts, 
:source => :programmer, 


:conditions => "contracts.employable_type = ‘Programmer 


has_many :secretaries, :through => :contracts, 
source => rsecretary, 


:conditions => "contracts.employable_type = ‘Secretary’ 


end 


With this in place, we now have a complete 
bidirectional association between programmers and 
secretaries on one side and companies on the other. 
Thus, we can Say: 


>> xyZ. programmers 
=> [#<Programmer id: 1, main_language: "C", first_name: "Linus", 
last_name: "Torvalds", email_address: "torvalds@osdl.org", created_at: 


"2008-06-12 00:47:58", updated_at: "2008-06-12 00:47:58">] 


>> xyz.secretaries 


=> [#<Secretary id: 1, words_per_minute: 90, first_name: 
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"Condoleezza", last_name: "Rice", email_address: "rice@state.gov", 
created_at: "2008-06-12 00:54:34", updated_at: "2008-06-12 
00:54:34">] 


But, we also can say: 


>> Programmer.find(1).companies 
=> [#<Company id: 1, name: "XYZ Corporation", created_at: "2008-06-12 
00:47:18", updated_at: "2008-06-12 00:47:18">] 


Moreover, we can iterate over xyz.contracts, 
bringing together the secretaries and programmers 
models into one package: 


>> xyz.contracts.each {|c| puts c.employable.first_name} 
Linus 
Condoleezza 


Although Rails does not provide inheritance within 
the models, polymorphic associations make it possible 
to come close to such functionality. You also get a 
bunch of convenience functions that make it more 
natural to work with these additional attributes. 


Conclusion 

Not all data fits cleanly into two-dimensional tables. 
When this occurs, you can try to shoehorn your 
data into an inappropriate container. Or, you can try 
to use the help that is built in to one or more levels 
of your software stack. If you use PostgreSQL, inheri- 
tance can be really useful. If you use Rails, you can 
take advantage of polymorphic associations, allowing 
you to treat two or more models with a common API 
as similar. This isn’t the sort of thing you'll do each 
day, but it’s a useful skill to have on hand for cases 
when you need to take unusual data.m 


Reuven M. Lerner, a longtime Web/database developer and consultant, is a PhD 
candidate in learning sciences at Northwestern University, studying on-line 
learning communities. He recently returned (with his wife and three children) to 
their home in Modi‘in, Israel, after four years in the Chicago area. 


Resources 


To learn how PostgreSQL allows for inheritance, 
read the on-line manual at www.postgresql.org/ 
docs/8.3/static/ddl-inherit.html. 


Rails Cookbook, by Rob Orsini, and published 
by O'Reilly, has some good information about 
polymorhphic associations. 


The Rails Wiki has some good examples and 
descriptions of polymorhphic associations 
at wiki.rubyonrails.org/rails/pages/ 
UnderstandingPolymorphicAssociations. 
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MARCEL GAGNE 


Browsers with the 
Speed of Lightning 


When was the last time you heard someone mention the browser 
wars? Most pundits love to point out that Internet Explorer's only real 
competition is Mozilla Firefox. One or two will give Opera a nod. But, 
what about the underdogs of the browser world? 


Speed of lightning, power of thunder? What is 
this | hear? Mon Dieu, Francois! How on earth did 
you find that old Underdog clip? Ah, of course— 
YouTube. | am surprised, mon ami that you even 
know about this old cartoon—one, | confess, | 
enjoyed a great deal in my youth. Quoi? You don’t 
know it? You were just doing some research for the 
issue's theme, underdogs? To be honest, I’m not 
exactly sure what our editors meant, but | don’t 
think rescuing Sweet Polly Purebred from the evil 
Simon Bar Sinister was what they had in mind. 
Underdogs, Francois, refer to people (or animals or 
things) who are disadvantaged in some way. They 
may be smaller and not quite as strong as their 
opponent, so that in a contest or fight, they are 
expected to lose. People love to see the underdog 
win. But enough of this, Francois. Our guests are 
arriving as we speak. 

Welcome once again, mes amis, to Chez Marcel, 
where fine wine is a naturally perfect match for 
fine Linux and open-source software. Please, take 
your seats and make yourselves comfortable while 
my faithful waiter attends to the wine. Francois, 
please head down to the cellar and bring back 
that 2006 Torbreck Barossa Valley Woodcutter's 
Shiraz we were, uhm, submitting to quality control 
earlier today. 

Before you arrived, Francois and | were discussing 
the meaning of the word underdog. Cartoon characters 
aside, in the desktop Web browser world, you will 
find some true underdogs. I’m not talking about 
Firefox, and I’m sure most people no longer see 
Firefox as an underdog when compared to the 
Redmond OS's flagship browser. Instead, | want to 
show you some Web browsers worthy of the 
underdog label that you may well want to consider 
using. Despite not being as feature-rich as the 
heavyweights, these lightweight browsers have 
small memory footprints, make few demands on 
system resources and are, in many cases, as fast as 
lightning. Let me start with a text-only browser 
that, strangely enough, does graphics. 

Links, created by Mikulas Patocka, is a text-only 
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Web browser that is surprisingly rich in features 
(Figure 1). It can display tables and frames, and it 
supports colors, clickable links, SSL pages, back- 
ground downloads and more. Sure, it works in text, 
but you have never seen pages load as quickly as 
you will when you decide to view the World Wide 
Web the way many of us first saw it—sans pictures. 
People doing research who want uncluttered infor- 
mation need to put away their graphical browsers 
and fire up Links. The effect of seeing only what 
you need, loaded in an instant, is a wonderful expe- 
rience. Once you have used it, you always will make 
sure it is loaded on every Linux distribution you run. 


if mgagne : inks: va x“ ] 
File Edit View Scrollback Bookmarks Settings Help 


& mgagne = links 


Figure 1. Links is a perennial favorite for text-only Web 
browsing. When you can’t get to a graphical desktop, 
nothing beats Links. 


Links’ popularity means you don’t have to 
look far for it. Most distributions have it in their 


repositories. Source is, of course, available 
from links.sourceforge.net. 

Although it’s true that Links is a text browser, it 
does respond to mouse clicks. In a nongraphical 
environment, you navigate by using cursor keys, 
jump from link to link with the Tab key, page using 
the spacebar and follow a link by pressing Enter. In 
a text console running under a graphical desktop, 
things are a little different. When you see a link, 
simply click, and you will go there. 

Did | say text-only? | may have been mistaken. 
Graphically speaking, Links isn’t merely a text 
browser. An update to Links, available from 
Twibright labs at links.twibright.com, provides a 
graphical interface that works even if you aren't 
running a graphical desktop. That’s right. This Links 
will work on your framebuffer console as well 
(Figure 2). Once again, you should have no trouble 
finding the package in your repositories. The difference 
is in the command. To run the text-only version 
of Links, use the command Links. For a graphical 
version of Links, try links-graphic. 


ts pe pears ema trent age 


Figure 2. If you thought Links was a text-only browser, 
think again. 


Ah, Francois, you have returned. Please pour 
for our guests. Enjoy, mes amis. This Shiraz has a 
wonderfully rich aroma, complexity and texture, 
along with black cherry draped over the signature 
Shiraz peppery flavor. Make sure you fill my glass 
as well, Francois. 

Another alternative to the monster browsers of 
today, and one that is entirely graphical in nature, is 
Dillo. Created by Jorge Arellano Cid, Dillo’s demands 
on your system are meager, and its performance 
is seriously snappy. It won't render complex pages 
or tables particularly well, but it does support 
image browsing and bookmarks. Dillo’s small size, 
speed and tiny memory footprint can sometimes 
make up for its limited features. Figure 3 shows 
Dillo in action. 

The current 0.8 branch of Dillo is no longer 
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Figure 3. Dillo is a seriously snappy graphical browser. 


maintained, but it’s still a mainstay in most major 
distributions’ repositories. It’s easy to find and 
install. A new version based on FLTK2 is where 
development is going at this stage. Those of you 
feeling a little brave and willing to do a little source 
code compiling are invited to download the devel- 
opment code from the site at www.dillo.org. The 
classic source is also available. 

Finding a balance between the needs of offering 
a feature-rich browser while maintaining speed 
at a maximum and resources at a minimum is 
the driving force behind the final two items on 
tonight’s menu. 

Our next selection for tonight is Christian 
Dywan’s Midori, a great little Web browser whose 
rendering engine uses WebKit instead of Gecko. 
For those who may not know, WebKit is an open- 
source rendering engine based on KHTML, the 
HTML rendering engine created by the fine people 
of the KDE Project. Midori (Figure 4) also features 
tabbed browsing, custom context menus, config- 
urable interface, JavaScript plugins and, of course, 
peppy rendering, courtesy of WebkKit. 
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Figure 4. Cool name aside, Midori is the only browser I’ve 
found that can pass the Acid3 test. 
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Note: 


Think you may have heard of WebKit somewhere 
else? That's because WebKit is the engine behind 
Mac OS X's Safari browser. 


Changes to Midori's interface and behavior 
are largely controlled via the Preferences dialog 
(Figure 5). Click Edit on the menu bar, and select 


Preferences. From there, you can set a default home 


page, change the look and feel (including default 
fonts), and more. You'll also find evidence of 
Midori’s young age when you run into pages that 
don't yet allow edits. 


"e+ midort Preterences 


a 7 
i) midori Preferences 


General Appearance Behavior interface Network Privacy 
Features 


¥ Auto Load images ~ Auto Shrink images 


¥ Print Backgrounds v Resizable Text Areas 
v Enable Scripts v Enable Plugins 
User Stylesheet URI [inoney Bs 
Location entry Search hittp://www.google.com/search/?7q=%s 
Close 


Figure 5. The Preferences menu gives you access to much 
of Midori’s configuration. 


Midori is, as | mentioned, a young browser. It’s 
also a fascinating and promising project, and it’s 
fast. Really fast. And, it’s the only browser on my 
system to pass the Acid3 test (acid3.acidtests.org). 

The final item on our menu is Hidetaka lwai’s 
Kazehakase, a graphical browser that uses the 
Mozilla Gecko rendering engine to display Web 
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Figure 6. Kazehakase is an excellent browser based on the 
Mozilla Gecko engine. 


pages. As such, it doesn’t lack for much when it 
comes to showing off Web sites as you expect 
to see them. Kazehakase, which means “Wind 
Doctor” is named after a short story by the 
Japanese author Sakaguchi Ango. This is a great 
little program that features tabbed browsing, 
customizable mouse gestures and keyboard short- 
cuts, RSS bookmarks and more (Figure 6). 

Possibly the coolest thing about Kazehakase is 
its graded user interface. It's a great concept. By 
default, the user interface is kept as simple as possi- 
ble, providing users with only the basics both in 
terms of menu options and configuration of system 
preferences. The user interface level (UI levels) can 
be set to beginner, medium or expert. At each level, 
you find additional hidden gems under the surface 
that let you fine-tune the browser. There are two 
ways to change the UI level. The first is by changing 
the preferences. To get to the system preferences, 
click Edit on the menu bar, then select Preference. 
The beginner UI preferences window appears with 
the main options to the right and a sidebar menu 
on the left (Figure 7). 
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Figure 7. On the left, you can see Kazehakase’s basic (or beginner) preferences. To the right is the same dialog but in expert mode. 
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Figure 8. Becoming an expert in Kazahakase is just one little menu option away. 


Note: 


Marcel's extract-and-build five-step 
is available from his Web site at 
www.marcelgagne.com/fivestep.html. 


There are only four categories of sim- 
ple changes here. If you change the UI 
level to expert, a much more complex and 
complete preferences menu appears, as 
shown on the right-hand side of Figure 7. 
If you choose, you also can toggle the Ul 
level directly from the menu bar by click- 
ing View and selecting your level of exper- 
tise from the UI level submenu (Figure 8). 

Kazehakase isn’t widely available in 
distribution repositories, so you may have 
to resort to the old extract-and-build 
five-step for that one. This is a great little 
browser and well worth checking out. 

There you have it, mes amis, the 
underdogs of the browser world—some of 
them anyhow, as | am sure there are plen- 
ty more. Can any of them compete against 
the big guys? That depends on your needs 
and constraints. If fast as lightning trumps 
a bulked-up feature set, the underdogs 
win. The same is true on a small, under- 
powered machine. Researchers who are 
more interested in text may opt out of the 
graphical browsers entirely. Each under- 
dog, you might say, can have its day. 

Speaking of day, this one is nearly 


done, and the only browsing | intend 
to do after closing is in the wine cellar. 
Speaking of which, keep your glasses 
handy as Francois will happily refill them 
a final time. Raise your glasses, mes amis, 
and let us all drink to one another's 
health. A votre santé! Bon appétit!= 


Marcel Gagné is an award-winning writer living in Waterloo, 
Ontario. He is the author of the Moving to Linux series of books 
from Addison-Wesley. Marcel is also a pilot, a past Top-40 
disc jockey, writes science fiction and fantasy, and folds a 
mean Origami T-Rex. He can be reached via e-mail at 
marcel@marcelgagne.com. You can discover lots of other 
things (including great Wine links) from his Web sites at 
www.marcelgagne.com and www.cookingwithlinux.com. 
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DAVE TAYLOR 


Spreading Out 


Numbers 


The hardest part of any game is coming up with likely, but incorrect, 
answers. In this month's column, Dave looks at ways to calculate 
probable wrong answers for the evolving movie trivia game. 


The past few months, we've been writing a movie 
trivia game with the intent of having it be a Twitter 
client and sporadically spit out questions on its 
Twitter feed of the form “The film Sunset Blvd. was 
released in 1943, 1946, or 1950?” 

What initially seemed like the most difficult task, 
finding the list of films and then extracting release 
dates, turned out to be a manageable one through 
the expedient of utilizing the terrific Internet Movie 
Database site (imdb.com) and pushing the data 
through some filters and transformations. 

The end result is that with a simple invocation 
of a script, we can generate a data file called 
top-250-films-with-release-dates.db that looks like 
this: “Sunset Blvd. | 1950” (and now you know the 
answer to the question in paragraph one). 


Generating Interesting Adjacent 
Numbers 

Last column left off with the puzzle of generating 
good “adjacent” release years. That is, if we're talk- 
ing about a movie like Prince Caspian, released in 
2008, we want the adjacent values to be quite 
close—maybe 2005 and 2007. If we're talking 
about Rear Window, released back in 1954, we 
want the adjacent values to be spread out more, 
because offering up 1951, 1954 and 1955 is going 
to be more annoying and nit-picking than 1940, 
1950 and 1954 or similar. See what | mean? 

What we could do is simply subtract the release 
year from the current year, then apply some sort of 
multiple to tweak the delta. Then, Prince Caspian 
would have an “adjacency” of zero, and Rear 
Window would have one of 54. Let's consider 
dividing the value by five and using the ceiling value 
to see what the calculation for a half-dozen movies 
produces (Table 1). 

That’s not bad. Sin City could have incorrect year 
values within one year of the actual release, while 
Metropolis could be off by as much as 17 without 
most people realizing. | mean, if | asked you right 
now, “Did Fritz Lang’s masterwork Metropolis 
come out in 1927, 1931 or 1947?”, would you 
know the answer? 
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Table 1. Calculating Adjacency for the Movie Trivia Game 


4 1 


Der Untergang 2004 

Metropolis 1927 81 ie 
Sin City 2005 B 1 
Chinatown 1974 34 7 
Some Like It Hot 1959 49 10 


This leads to an important realization: we can’t 
have the values perfectly spaced out, so the Factor 
above is the upper range of a 1..Factor choice. So, 
the amusing Some Like It Hot can have incorrect 
guesses that are anywhere from one year to nine 
years off. 

Okay, enough discussion. How do we implement 
this in code? 

Well, we have the release date of the movie 
in releasedate, and we have the current year in 
thisyear, so here's a simple test script: 


thisyear="$(date +%Y)" 
releasedate="$1" 
adjacency="$(( $thisyear - $releasedate ))" 
if [ $adjacency -1t 5 ] ; then 
factor="1" 
else 
factor="$(( $adjacency / 5 + 1 ))" 
Ti 
echo "For release $releasedate we have factor = $factor" 


This demonstrates an important facet of shell 
scripting: sometimes thinking through the solution 
is more time consuming than actually coding your 
resultant algorithm. | could share an anecdote about 
my boss telling me to “stop thinking and start cod- 
ing” in one of my earlier jobs, but I'll skip it. Just 
keep in mind that thinking through solution paths is 
a critical step in any job. 

Now that we have a way to calculate our adja- 
cency factor for a given movie release year, let's take 
the next step and actually calculate possible values: 


delta="$(( $RANDOM % $factor + 1))" 


add="$(( $RANDOM % 2 ))" 


if [ $add -eq 1] ; then 

closeyear="$(( $releasedate + $delta ))" 
else 

closeyear="$(( $releasedate - $delta ))" 
fi 


That isn’t too bad as a first step. 

There are two problems | see with this algorithm as is, 
however. First, we can end up with release years in the future 
(that is, ron Man could end up with a release year of 2009, 
which is wrong). Second, for movies released in the last five 
years, we also could end up with the actual release year 
always sandwiched in the middle once we de-dupe the results. 
(I hope you can see why that’s the case.) 

To fix the first problem, we need to add a test to ensure 
that the closeyear is never greater than thisyear, which is 
straightforward. For the second problem, | think that having a 
minimum delta of two, rather than one, gives us a bit more 
wiggle space, though any movie released in the current year is 
basically a gimme anyway for people who are paying even 
minimal attention. 

Here's how | implemented these tweaks: 


if [ $adjacency -1t 5 ] ; then 
factor="2" 
else 
factor="$(( $adjacency / 5 +1 ))" 
Ti 


And, a bit later in the code: 


if [ $closeyear -gt $thisyear ] ; then 
closeyear="$(( $releasedate - $delta ))" 
Ti 


That seems to work pretty well. Now when we give the 
script a few different release years, here’s what we see: 


Release Year First Five Generated Results 
1962 1970, 1967, 1958, 1960, 1971 
1994 1996, 1996, 1995, 1993: 1993 
2002 2004, 2001, 2000, 2001, 2003 
1927 1915; 1925... 1937, 1936, 1911 
2008 2006, 2007, 2007, 2006, 2007 


| think we can live with this—not bad at all, actually. 

Now we have all the building blocks, and next month, 
we'll put them all together and create the movie trivia game. 
With luck, we'll have space to start pushing it out on Twitter 
too. In the meantime, if you want to sign up on Twitter for the 
game and watch as | develop it, follow FilmBuzz.m— 


Dave Taylor is a 26-year veteran of UNIX, creator of The Elm Mail System, and most recently 
author of both the best-selling Wicked Cool Shell Scripts and Teach Yourself Unix in 24 Hours, 
among his 16 technical books. His main Web site is at www.intuitive.com, and he also offers up 
tech support at AskDaveTaylor.com. Follow him on Twitter if you'd like: twitter.com/DaveTaylor. 
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MICK BAUER 


Secured Remote 
Desktop/Application 


Sessions 


Run graphical applications from afar, securely. 


There are many different ways to control a Linux 
system over a network, and many reasons you 
might want to do so. When covering remote control 
in past columns, I’ve tended to focus on server- 
oriented usage scenarios and tools, which is to say, 
on administering servers via text-based applications, 
such as OpenSSH. But, what about GUl-based 
applications and remote desktops? 

Remote desktop sessions can be very useful for 
technical support, surveillance and remote control 
of desktop applications. But, it isn't always neces- 
sary to access an entire desktop; you may need to 
run only one or two specific graphical applications. 

In this month’s column, | describe how to use 
VNC (Virtual Network Computing) for remote desk- 
top sessions and OpenSSH with X forwarding for 
remote access to specific applications. Our focus 
here, of course, is on using these tools securely, and 
| include a healthy dose of opinion as to the relative 
merits of each. 


Remote Desktops vs. Remote 
Applications 

So, which approach should you use, remote desk- 
tops or remote applications? If you've come to Linux 
from the Microsoft world, you may be tempted to 
assume that because Terminal Services in Windows 
is so useful, you have to have some sort of remote 
desktop access in Linux too. But, that may not 
be the case. 

Linux and most other UNIX-based operating 
systems use the X Window System as the basis for 
their various graphical environments. And, the X 
Window System was designed to be run over net- 
works. In fact, it treats your local system as a self- 
contained network over which different parts of the 
X Window System communicate. 

Accordingly, it’s not only possible but easy to 
run individual X Window System applications over 
TCP/IP networks—that is, to display the output 
(window) of a remotely executed graphical applica- 
tion on your local system. Because the X Window 
System's use of networks isn’t terribly secure (the X 
Window System has no native support whatsoever 
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for any kind of encryption), nowadays we usually 
tunnel X Window System application windows over 
the Secure Shell (SSH), especially OpenSSH. 

The advantage of tunneling individual applica- 
tion windows is that it’s faster and generally more 
secure than running the entire desktop remotely. 
The disadvantages are that OpenSSH has a history 
of security vulnerabilities, and for many Linux new- 
comers, forwarding graphical applications via com- 
mands entered in a shell session is counterintuitive. 
And besides, as | mentioned earlier, remote desktop 
control (or even just viewing) can be very useful for 
technical support and for security surveillance. 


Using OpenSSH with X Window 
System Forwarding 

Having said all that, tunneling X Window System 
applications over OpenSSH may be a lot easier than 
you imagine. All you need is a client system running 
an X server (for example, a Linux desktop system or 
a Windows system running the Cygwin X server) 
and a destination system running the OpenSSH 
dzemon (sshd). 

Note that I didn’t say “a destination system 
running sshd and an X server”. This is because X 
servers, oddly enough, don’t actually run or control 
X Window System applications; they merely display 
their output. Therefore, if you're running an X 
Window System application on a remote system, 
you need to run an X server on your local system, 
not on the remote system. The application will 
execute on the remote system and send its output 
to your local X server's display. 

Suppose you've got two systems, mylaptop 
and remotebox, and you want to monitor system 
resources on remotebox with the GNOME 
System Monitor. Suppose further you're running 
the X Window System on mylaptop and sshd 
on remotebox. 

First, from a terminal window or xterm on 
mylaptop, you'd open an SSH session like this: 


mick@mylaptop:~$ ssh -X admin-slave@remotebox 
admin-slave@remotebox's password: ********** 


Last login: Wed Jun 11 21:50:19 2008 from dtclaQ0b674986d 
admin-slave@remotebox :~$ 


Note the -X flag in my ssh command. This 
enables X Window System forwarding for the 
SSH session. In order for that to work, sshd on 
the remote system must be configured with 
X11Forwarding set to yes in its /etc/ssh/sshd.conf 
file. On many distributions, yes is the default 
setting, but check yours to be sure. 

Next, to run the GNOME System Monitor 
on remotebox, such that its output (window) 
is displayed on mylaptop, simply execute it from 
within the same SSH session: 


admin-slave@remotebox:~$ gnome-system-monitor & 


The trailing ampersand (&) causes this command 
to run in the background, so you can initiate other 
commands from the same shell session. Without 
this, the cursor won't reappear in your shell window 
until you kill the command you just started. 

At this point, the GNOME System Monitor win- 
dow should appear on mylaptop’s screen, displaying 
system performance information for remotebox. 
And, that really is all there is to it. 

This technique works for practically any X Window 
System application installed on the remote system. 
The only catch is that you need to know the name of 
anything you want to run in this way—that is, the 
actual name of the executable file. 

If you're accustomed to starting your X Window 
System applications from a menu on your desktop, 
you may not know the names of their correspond- 
ing executables. One quick way to find out is to 
open your desktop manager’s menu editor, and 
then view the properties screen for the application 
in question. 

For example, on a GNOME desktop, you would 
right-click on the Applications menu button, select 
Edit Menus, scroll down to System/Administration, 
right-click on System Monitor and select Properties. 
This pops up a window whose Command field 
shows the name gnome-system-monitor. 

Figure 1 shows the Launcher Properties, not for 
the GNOME System Monitor, but instead for the 
GNOME File Browser, which is a better example, 
because its launcher entry includes some command- 
line options. Obviously, all such options also can be 
used when starting X applications over SSH. 

If this sounds like too much trouble, or if 
you're worried about accidentally messing up 
your desktop menus, you simply can run the 
application in question, issue the command 
ps auxw in a terminal window, and find the entry 
that corresponds to your application. The last 
field in each row of the output from ps is the 


" Launcher Properties 


Type: Application ’ 
Name:  File/Browser 
Command: _ nautilus --no-desktop --browser %U Browse... 
Comment: Browse the file system with the file manager 


4 3 Close 


Ghuelp 


executable’s name plus the command-line 
options with which it was invoked. 

Once you've finished running your remote X 
Window System application, you can close it the 
usual way (selecting Exit from its File menu, clicking 
the x button in the upper right-hand corner of its 
window and so forth). Don’t forget to close your 
SSH session too, by issuing the command exit in 
the terminal window where you're running SSH. 


Figure 1. Launcher 
Properties for the 
GNOME File 
Browser (Nautilus) 


Virtual Network Computing (VNC) 
Now that I’ve shown you the preferred way to run 
remote X Window System applications, let's discuss 
how to control an entire remote desktop. In the 
Linux/UNIX world, the most popular tool for this is 
Virtual Network Computing, or VNC. 

Originally a project of the Olivetti Research 
Laboratory (which was subsequently acquired by 
Oracle and then AT&T before being shut down), 
VNC uses a protocol called Remote Frame Buffer 
(RFB). The original creators of VNC now maintain 
the application suite RealVNC, which is available 
in free and commercial versions, but TightVNC, 
UltraVNC and GNOME's vino VNC server and 
vinagre VNC client also are popular. 

VNC’'s strengths are its simplicity, ubiquity and 
portability—it runs on many different operating 
systems. Because it runs over a single TCP port 
(usually TCP 5900), it's also firewall-friendly and 
easy to tunnel. 

Its security, however, is somewhat problematic. 
VNC authentication uses a DES-based transaction 
that, if eavesdropped-on, is vulnerable to optimized 
brute-force (password-guessing) attacks. This vulner- 
ability is exacerbated by the fact that many versions 
of VNC support only eight-character passwords. 

Furthermore, VNC session data usually is trans- 
mitted unencrypted. Only a couple flavors of VNC 
support TLS encryption of RFB streams, and it isn’t 
clear how securely TLS has been implemented even 
in those. Thus, an attacker using a trivially hacked 
VNC client may be able to reconstruct and view 
eavesdropped VNC streams. 

Luckily, as it operates over a single TCP port, 
VNC is easy to tunnel through SSH, through Virtual 
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But Don’t Real Sysadmins Stick to Terminal Sessions? 


If you've read my book or my past 
columns, you've endured my repeated 
exhortations to keep the X Window 
System off of Internet-facing servers, or 


any other system on which it isn’t needed, 


due to X's complexity and history of 
security vulnerabilities. So, why am | 
devoting an entire column to graphical 
remote system administration? 


Don’t worry. | haven't gone soft-hearted 
(though possibly slightly soft-headed); 
| stand by that advice. But, there are 


Private Network (VPN) sessions and through TLS/SSL 
wrappers, such as stunnel. Let's look at a simple 
VNC-over-SSH example. 


Tunneling VNC over SSH 

To tunnel VNC over SSH, your remote system must 
be running an SSH deamon (sshd) and a VNC server 
application. Your local system must have an SSH 
client (ssh) and a VNC client application. 

Our example remote system, remotebox, 
already is running sshd. Suppose it also has vino, 
which is also known as the GNOME Remote 
Desktop Preferences applet (on Ubuntu systems, 
it's located in the System menu's Preferences 
section). First, presumably from remotebox’s local 
console, you need to open that applet and 
enable remote desktop sharing. Figure 2 shows 
vino’s General settings. 


plenty of contexts in which you may 
need to administer or view things 
remotely besides hardened servers in 
Internet-facing DMZ networks. 


And, not all people who need to run 
remote applications in those non- 
Internet-DMZ scenarios are advanced 
Linux users. Should they be forbidden 
from doing what they need to do until 
they've mastered using the vi editor and 
writing bash scripts? Especially given 
that it is possible to mitigate some of 


the risks associated with the X Window 
System and VNC? 


Of course they shouldn't! Although | 
do encourage all Linux newcomers to 
embrace the command line. The day 
may come when Linux is a truly 
graphically oriented operating system 
like Mac OS, but for now, pretty 
much the entire OS is driven by con- 
figuration files in /etc (and in users’ 
home directories), and that's unlikely 
to change soon. 


If you want to view only this system's remote 
desktop without controlling it, uncheck Allow other 
users to control your desktop. If you don’t want to 
have to confirm remote connections explicitly (for 
example, because you want to connect to this sys- 
tem when it’s unattended), you can uncheck the 
Ask you for confirmation box. Any time you leave 
yourself logged in to an unattended system, be sure 
to use a password-protected screensaver! 

vino is limited in this way. Because vino is loaded 
only after you log in, you can use it only to connect 
to a fully logged-in GNOME session in progress— 
not, for example, to a gdm (GNOME login) prompt. 
Unlike vino, other versions of VNC can be invoked 
as needed from xinetd or inetd. That technique is 
out of the scope of this article, but see Resources 
for a link to a how-to for doing so in Ubuntu, or 
simply Google the string “vnc xinetd”. 


Remote Desktop Preterences 


General Advanced 


Sharing 
| v Allow other users to view your desktop 
== v Allow other users to control your desktop 
Users can view your desktop using this command: 
yneviewer iwazaru-ubuntu_wiremonkeys .org:20226 


Security 


Ea When a user tries to view or control your desktop: 
— Ask you tor confirmation 


¥ Require the user to enter this password: 


Password; ‘tebtetettc: 


8 Help A 3¢ close 


Remote Desktop Preferences 
General Advanced 


Network 
a ¥ Only allow local connections 


=|-aa i 
— == ¥ Use an alternative port: 20226 


Securily 


2 | Require encryption 


= ¥ Lock screen on disconnect 
Notification Area 
| © Always display an icon 
@ Only display an icon when there is someone connected 
Never display an icon 


8 Help if 3¢ Close 


Figure 2. General Settings in GNOME Remote Desktop 
Preferences (vino) 
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Figure 3. Advanced Settings in GNOME Remote Desktop 
Preferences (vino) 


Continuing with our vino example, don’t close 
that Remote Desktop Preferences applet yet. Be sure 
to check the Require the user to enter this password 
box and to select a difficult-to-guess password. 
Remember, vino runs in an already-logged-in desktop 
session, sO unless you set a password here, you'll 
run the risk of allowing completely unauthenticated 
sessions (depending on whether a password-protected 
screensaver is running). 

If your remote system will be run logged in but 
unattended, you probably will want to uncheck 
Ask you for confirmation. Again, don’t forget that 
locked screensaver. 

We're not done setting up vino on remotebox 
yet. Figure 3 shows the Advanced Settings tab. 

Several advanced settings are particularly note- 
worthy. First, you should check Only allow local con- 
nections, after which remote connections still will 
be possible, but only via a port-forwarder like SSH 
or stunnel. Second, you may want to set a custom 
TCP port for vino to listen on via the Use an alterna- 
tive port option. In this example, I’ve chosen 20226. 
This is an instance of useful security-through- 
obscurity; if our other (more meaningful) security 


controls fail, at least we won't be running VNC on 
the obvious default port. 

Also, you should check the box next to Lock 
screen on disconnect, but you probably should 
not check Require encryption, as SSH will provide 
our session encryption, and adding redundant 
(and not-necessarily-known-good) encryption will 
only increase vino’'s already-significant latency. If 
you think there's only a moderate level of risk of 
eavesdropping in the environment in which you 
want to use vino—for example, on a small, 
private, local-area network inaccessible from the 
Internet—vino’s TLS implementation may be good 
enough for you. In that case, you may opt to 
check the Require encryption box and skip the 
SSH tunneling. 

(If any of you know more about TLS in vino 
than | was able to divine from the Internet, please 
write in. During my research for this article, | 
found no documentation or on-line discussions 
of vino’s TLS design details whatsoever—beyond 
people commenting that the soundness of TLS 
in vino is unknown.) 

This month, | seem to be offering you more 


Order Today! 


email sales @he.net or call 510.580.4190 


he.net/ip_ transit 
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“opt-out” opportunities in my examples than usual. 
Perhaps I’m becoming less dogmatic with age. 
Regardless, let's assume you've followed my advice 
to forego vino's encryption in favor of SSH. 

At this point, you're done with the server-side 
settings. You won't have to change those again. If 
you restart your GNOME session on remotebox, vino 
will restart as well, with the options you just set. 
The following steps, however, are necessary each 
time you want to initiate a VNC/SSH session. 

On mylaptop (the system from which you want 
to connect to remotebox), open a terminal window, 
and type this command: 


mick@mylaptop:~$ ssh -L 20226:remotebox:20226 admin-slave@remotebox 


OpenSSH's -L option sets up a local port-forwarder. 
In this example, connections to mylaptop’s TCP 
port 20226 will be forwarded to the same port 
on remotebox. The syntax for this option is 
“-L [localport]:[remote IP or hostname]:[remoteport]”. 
You can use any available local TCP port you like 
(higher than 1024, unless you’re running SSH as 
root), but the remote port must correspond to the 
alternative port you set vino to listen on (20226 in 
our example), or if you didn’t set an alternative 
port, it should be VNC’s default of 5900. 

That's it for the SSH session. You'll be prompted 
for a password and then given a bash prompt on 
remotebox. But, you won't need it except to enter 
exit when your VNC session is finished. It’s time to 
fire up your VNC client. 

vino’s companion client, vinagre (also known 
as the GNOME Remote Desktop Viewer) is good 
enough for our purposes here. On Ubuntu systems, 
it’s located in the Applications menu in the Internet 
section. In Figure 4, I’ve opened the Remote 


e Remote Desktop Viewer 


Machine View Bookmarks Help 


a x | & ie 


Connect 

- Remote Desktop Viewer 

Which machine do you want to connect to? 
Host: localhost Peind 


Port: 20226 ~ 


| Ae 
«@ Connect 


Figure 4. Using vinagre to Connect to an SSH-Forwarded 
Local Port 
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Desktop Viewer and clicked the Connect button. As 
you can see, rather than remotebox, I’ve entered 
localhost as the hostname. I’ve also entered port 
number 20226. 

When | click the Connect button, vinagre 
connects to mylaptop’s local TCP port 20226, 
which actually is being listened on by my local 
SSH process. SSH forwards this connection 
attempt through its encrypted connection to TCP 
20226 on remotebox, which is being listened on 
by remotebox’s vino process. 

At this point, I'm prompted for remotebox's 
vino password (shown in Figure 2). On successful 
authentication, I'll have full access to my active 
desktop session on remotebox. 

To end the session, | close the Remote Desktop 
Viewer's session, and then enter exit in my SSH 
session to remotebox—that's all there is to it. 

This technique is easy to adapt to other ver- 
sions of VNC servers and clients, and probably 
also to other versions of SSsH—there are commer- 
cial alternatives to OpenSSH, including Windows 
versions. | mentioned that VNC client applications 
are available for a wide variety of platforms; on 
any such platform, you can use this technique, so 
long as you also have an SSH client that supports 
port forwarding. 


Conclusion 

Thus ends my crash course on how to control 
graphical applications over networks. | hope my 
examples of both techniques, SSH with X forward- 
ing and VNC over SSH, help you get started with 
whatever particular distribution and software 
packages you prefer. Be safe!m 


Mick Bauer (darth.elmo@wiremonkeys.org) is Network Security Architect for 
one of the US's largest banks. He is the author of the O'Reilly book Linux Server 
Security, 2nd edition (formerly called Building Secure Servers With Linux), an 
occasional presenter at information security conferences and composer of the 
“Network Engineering Polka”. 


Resources 


The Cygwin/X (information about Cygwin’s free X 
server for Microsoft Windows): x.cygwin.com. 


Tichondrius’ HOWTO for setting up VNC 

with resumable sessions—Ubuntu-centric, 

but mostly applicable to other distributions: 
ubuntuforums.org/showthread.php?t=122402. 


Wikipedia's VNC article, which may be helpful 
in making sense of the different flavors of VNC: 
en.wikipedia.org/wiki/Vnc. 
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Do the Splits 


Get two terminals in the space of one with split screens on a number 


of different command-line tools. 


Even with the high-resolution flat-screen monitors 
we have these days, screen real estate still can be at 
a premium. Of course, if you spend a lot of your 
time in a terminal, this is even more true. When 
you want to compare two files at the same time or 
monitor two different sessions at once, you either 
carefully position terminal windows or rely on tabs. 

Tabs can be fine, but when | use terminals, | like 
to stick to the keyboard as much as possible. Plus, | 
don’t know about anyone else, but for me, there 
are four main programs | run in terminals: mutt, 
vim, screen and irssi. Luckily for me, all of these 
programs support some form of split screens—the 
ability to divide the terminal either vertically or hori- 
zontally. Although these features aren‘t necessarily 
anything new, if you don’t use them every day, it 
can be hard to remember how to split the screen, 
navigate between the sections, and then go back to 
a single screen. In this column, | discuss the split-screen 
features in my four favorite terminal applications 
and provide a simple guide to help us all commit 
them to memory. 


Mutt Pager Indexes 

| suppose if you want to be technical, this isn’t 
exactly the same as the split screens in the other 
tools, but while you are in the mutt pager (the part 
that lets you view the body of an e-mail message), 
by default, mutt fills the entire terminal with the 
e-mail. If you want, however, you can tell mutt to 
take a specified number of lines at the top and 
use them to display your index. This way, you can 
browse through the contents of an e-mail message 


eoommutt 


k blug.org requ 
( 6) [NBLUG/talk] 16 year anniversary Linux t 


L Jun 62 Kyle Rankin 
f Kend 


Figure 1. Mutt with pager_index_lines Enabled 
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but still be able to keep an eye on the other head- 
ers in your index. To use ten lines for this feature, 
simply add the following: 


set pager_index_lines=10 
to your ~/.muttrc. 


Vim Splits 

Vim is my favorite text editor (I've used it for 
basically all of my writing), and its split-screen 
feature is especially useful for sysadmin work. | 
can’t count how many times I’ve made a change in 
one configuration file or script that I've wanted to 
add to a second file. To enable split-screen mode 
for a horizontal split, type: 


:split 
And, for a vertical split, type: 
svSplit 


By default, vim shows the same file in both 
panes. Press Ctrl-W, and then use the regular HJKL 
keys (or arrow keys if you aren't a home-row junkie 
like me) to navigate between panes. So, if | had 
made a horizontal split and wanted to open a new 
file in the bottom pane, | would press Ctrl-W J to 
move the cursor to that pane, and then | would 
type :open filename to open the new file. When 
you are finished with a particular pane, make sure 
the cursor is in that pane, and then save and close 
the file in the normal fashion. 


Figure 2. Vim with a Vertical Split 


Vim isn’t limited only to two panes 
either—simply type the :split or 
:vsplit command again to add a third 
horizontal or vertical pane, respectively. 
You even can split the window horizon- 
tally and then type :vsplit to split that 
pane further into two vertical panes. 


Split Screen 
Screen is another one of those indis- 
pensable command-line tools. If you 
haven't used screen before, it essentially 
allows you to open multiple numbered 
shells, and you can switch to them with 
Ctrl-A <number>. Then, you can detach 
from your screen session and connect to 
it later, and in the meantime, all the 
shells you have opened within it keep 
their state. One way | commonly use 
screen is for irssi, a Command-line-based 
IRC client. | open irssi within screen on a 
server that is always up. Then, no matter 
where | am, | can connect to the remote 
server and resume my irssi session, which 
always stays connected. 

Beyond the standard screen features, 
screen also supports a horizontal split 
screen. This can be useful if you want to 
monitor IRC in one window and per- 
form other commands in the second. 
Also, if you use a text editor or other 
tools that don’t support split panes on 
their own, you can use screen’s split 
feature as a supplement. 

To split the pane within screen, press 
Ctrl-A Shift-S. Then, you can press 
Ctrl-A Tab to move your cursor between 
the two panes. You will notice that the 
bottom pane is empty at the beginning. 
Once you have moved the cursor to it, 
you either can 
switch to a currently 
open window with 
Ctrl-A <number>, 
or you can press 
Ctrl-A C to create a 


Ctrl-A Tab until it has the cursor, 
and then press Ctrl-A Shift-X to close 
that pane. 


Irssi Split 

Irssi is definitely my favorite IRC client, 
and | probably spend as much time 

in it as | do in any other command-line 
program. It also supports an interesting 
split-screen feature that takes some 
getting used to. Basically, each channel 
you join in irssi ends up in its own num- 
bered window. On my setup, | always 
have particular channels set to open in 
a particular window, so when | press 
Alt-7, for instance, | always will go to 
#linuxjournal. Sometimes you have a lot 
of activity going on in more than one 
channel and want to monitor all of 
them. So, for instance, if | want to view 
both #linuxjournal (in window 7) and 
#nblug (in window 4), and | already am 
in #nblug, | could type: 


/window show 7 


Now the irssi screen splits in half 
with #linuxjournal on the top and 
#nblug on the bottom. If | want to chat 
in #linuxjournal, | press Alt-7 to make 
sure it is selected (the topic header on 
irssi updates to show the currently 
selected window). Then, if | want to 
chat in #nblug, | press Alt-4. 

Irssi split windows become interest- 
ing once you start switching beyond 
two windows. Going back to the exam- 
ple, if | press Alt-5 now (my #knoppix 
window), the bottom window changes 
to that channel. By default, irssi makes 


#linuxjournal [Client 


#Linuxjournal 


#linuxjournal 


new window in 
that pane. Screen 
also supports multi- 
ple panes. Simply 
press Ctrl-A Shift-S 
a second time to 
split the session 
into three equally 
sized panes. When 
you are ready to 
close a pane, press 


@nblug 


@nblug 
#nblug 
tf anblug 


Figure 3. Irssi with Two Windows 
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Figure 4. Screen Split with Two Panes, a Split Irssi on Top and a 
Vertically Split Vim on the Bottom 


the top window in a split screen “sticky”, so that it appears no 
matter what other windows you switch to along the bottom. 
If | want to turn off sticky mode for that window | would type: 


/window stick 7 off 


Now, when | switch between windows with the Alt key, 
the top or bottom window switches, depending on which 
had focus last. If | want to stick #linuxjournal on the top 
again, | type: 


/window stick 7 


Once you are finished with your split screen (or if you are 
getting confused and want to turn it off), type: 


/window hide 


to hide the currently selected window. If that window is 
sticky, it won't be able to hide until you turn off stickiness 
with /window stick off. 

Now, what would a column about splits be if | didn’t 
show an insanely complicated nested set of split screens? 
Note that | don’t advocate actually using a setup like the 
following on a daily basis, but Figure 4 shows what hap- 
pens when you split screen into two windows, open a split 
irssi on the top window and a vertically split vim on the 
bottom. | hope these split-screen features help you stay 
organized and productive.— 


Kyle Rankin is a Senior Systems Administrator in the San Francisco Bay Area and the author of a 
number of books, including Knoppix Hacks and Ubuntu Hacks for O'Reilly Media. He is currently 
the president of the North Bay Linux Users’ Group. 


ASA 
COMPUTERS 


Want your business to be more productive? 


The ASA Servers powered by the Intel Xeon Processor provide the 
quality and dependability to keep up with your growing business. 


Hardware Systems for the Open Source 
Community - Since 1989. 
(Linux, FreeBSD, NetBSD, OpenBSD, Solaris, MS, etc. 


1U Server - ASA1401i 


- 1TB Storage Installed. Max - 3TB. 

- Intel Dual core 5030 CPU (Qty-1), Max-2 CPUs 
- 1GB 667MGZ FBDIMMs Installed. 

- Supports 16GB FBDIMM. 

- 4X250GB htswap SATA-II Drives Installed. 

- 4 port SATA4I RAID controller. 

~ 2X 10/100/1000 LAN onboard. 


2U Server - ASA2121i 


- 4TB Storage Installed. Max - 12 TB. 

~ Intel Dual core 5050 CPU. 

- 1GB 667 MGZ F BDIMMs Installed. 

- Supports 16GB FBDIMM. 

- 16 port SATA-II RAID controller. 

- 16X250GB htswap SATA-II Drives Installed. 
~ 2X10/100/1000 LAN onboard. 

- 800w Red PS, 


3U Server - ASA3161i 
- 4TB Storage Installed. Max - 12TB. 
- Intel Dual core 5050 CPU. 
J) -1GB 667MGZ FBDIMMs Installed. 
/ . Supports 16GB FBDIMM. 
- 16 port SATA-II RAID controller. 
- 16X250GB htswap SATA-II Drives Installed, 
- 2X10/100/1000 LAN onboard. 
- 800w Red PS. 


5U Server - ASA5241i 

- 6TB Storage Installed. Max - 18TB. 

~ Intel Dual core 5050 CPU, 

- 4GB 667MGZ FBDIMMs Installed. 

- Supports 16GB FBDIMM. 

- 24X250GB htswap SATA-II Drives Installed. 
- 24 port SATA-II RAID. CARD/BBU. 

- 2X10/100/1000 LAN onboard. 

- 930w Red PS. 


8U Server - ASA8421i 


- 10TB Storage Installed. Max - 30TB. 
- Intel Dual core 5050 CPU. 

- Quantity 42 Installed. 

- 1GB 667MGZ FBDIMMs. 

- Supports 32GB FBDIMM. 

- 40X250GB htswap SATA-II Drives Installed. 
- 2X12 Port SATA-II Multilane RAID controller. 
- 1X16 Port SATA-II Multilane RAID controller. 
- 2X10/100/1000 LAN onboard. 

- 1300 W Red Ps. 


All systems installed and tested with user's choice of Linux 
distribution (free). ASA Collocation—$75 per month 


2354 Calle Del Mundo, 
Santa Clara, CA 95054 
Www.asacomputers.com 
Mail. sales@asacomputers.com 
P: 1-800-REAL-PCS | FAX: 408-654-2910 


Intel®, Intel® Xeon™, Intel Inside®, Intel® itanium® and the Pp f | 
Intel Inside® logo are trademarks or registered trademarks of owe r U Ld 
= 8 
Efficient. 


Xeon 


inside” 


Intel Corporation or its subsidiaries in the United States and 
other countries. 


Prices and availability subject to change without notice. 
Not responsible for typographic errors, 


)) New PRobucTS 


SnapLogic for Amazon EC2 


Under the paradigm “Really Simple Integration”, the firm SnapLogic has 
released SnapLogic for Amazon Elastic Compute Cloud (EC2), a new 
variant of its open-source data integration framework. SnapLogic for 
EC2 “provides Amazon Web Services users with a convenient SnapLogic 
deployment option that scales easily and eliminates the costs of acquir- 
ing and maintaining expensive server hardware”. SnapLogic for EC2 also P Tasers aa Ge 
makes it easier than ever to “easily integrate data in the cloud with data snd Petes «Rept with HTML metago 

behind the firewall”. Offered in two editions, a GPL'd Community 

Edition and a commercial Enterprise Edition, SnapLogic enables enterprises quickly and easily to make data from databases, SaaS 
applications, SOA Web services and other common data sources. The Really Simple Integration paradigm allows knowledge 
workers to use familiar tools, such as Web browsers, Google and Excel to discover, consume, transform and publish enterprise 
data, creating a virtuous cycle of self-service data access and distribution. 


www-.snaplogic.com 


iStor Networks’ 10GbE 
integraStor 1S512-10G 


The latest iSCSI solution from iStor is the iS512-10G, a 10Gb model of the iS512 integraStor storage system, which iStor calls 
“the world’s fastest scalable iSCSI storage array optimized for small and medium businesses”. This second-generation 10GbE iSCSI 
storage array offers native 10Gbps architecture supporting full duplex wire speed data rates in excess of 1,100MB/sec and is 
“2.5 times faster and significantly less expensive than 4G Fibre Channel”, says iStor. iStor also notes that mass adoption of 10GbE 
is close to or perhaps at its tipping point, given the cost per Gbps of 10GbE ports dropping below that for 1GbE ports, as well as 
the rate of server consolidation driven by virtualization. 


www.istor.com 


Talend’s Open Profiler — 
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Got “dirty” data? Skip the Pine-Sol and opt for Talend’s Open 
Profiler. Open Profiler is an open-source data profiler, which enables 


companies to assess the quality of data and decide which actions a = a : 

must be taken to correct the dirty data that irritates customers and as =a - 

costs companies time and money. “Data profiling is the first step to a ‘eetnecnrse sxc ; —— 
achieving reliable, trustworthy data”, says Talend. Such profiling ——— | ——— ™ 7 ete 


reduces the time and resources needed to find problematic data 
and allows companies to identify potential problems before beginning 
data-intensive projects, such as data integration or new application 
development. It also allows business analysts to have more control 
over the maintenance and management of the data. 


www.talend.com 
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CS 
» Arkeia’s EdgeFort 500 Series 
Backup Appliance 


Arkeia is expanding its appliance business with the new EdgeFort 500 Series, an all-in-one, hardware and software backup 
system. This set of appliances comes standard with 5B virtual tape library (expandable to 10TB), disk-to-disk-to-tape management 
software, Fibre Channel connectivity and is fully integrated with Arkeia's network backup software. Arkeia’s federated data 
management architecture allows remote and centralized data protection, making it possible for remote offices and branch offices 
to back up, restore and archive critical data, with no local IT resource needed. The EdgeFort 500 series is for the largest data 
centers, while the earlier 100, 200 and 300 models were for small, medium and large ones. 


www.arkeia.com 
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NEW PRODUCTS 


HP’s Tru64 UNIX Advanced File System 


Although HP's Tru64 UNIX Advanced File System (AdvFS) has been available for more than 16 years, the big news is the recent 
contribution of its source code to the Open Source community. HP states that “the AdvFS source code includes capabilities that 
increase uptime, enhance security and help ensure maximum performance of Linux filesystems”. HP will contribute the code as a 
reference implementation of an enterprise Linux filesystem under the terms of General Public License Version 2 for compatibility 
with the Linux kernel. In addition, HP will provide design documentation, test suites and engineering resources. HP further hopes 
that the source code will serve as a technology base to advance ongoing development of Linux by providing a comprehensive 
foundation for Linux kernel developers to leverage and improve Linux filesystem functionality. 


advfs.sourceforge.net 


Adobe AIR in Action (Manning) 


The authorial team of Joey Lott, Kathryn Rotondo, Sam Ahn and Ashley Atkins are riding the Adobe AIR 
wave with their new book Adobe AIR in Action, published by Manning. Adobe AIR, which also is available 
for the Linux platform, is a cross-platform runtime environment that allows Web developers to use their 


existing skills to start building applications for the desktop. The example-driven book introduces AIR to in Action 
developers familiar with Flash and Flex, showing them how to build solid AlR-driven desktop applications. 

Readers will learn the essential features of the AIR API. The book shows how to create and customize ten 
native windows, as well as how to read and write files and folders on the local filesystem. Adobe AIR in Haley has 


Action also shows how to set up and connect to a local database, detect network connectivity and 


connect to Web services, bridge ActionScript and JavaScript, and deploy and update their applications. ssid 


Wwww.manning.com 


Chris Haseman’s Android Essentials (Apress) 


Will Google's Android mobile OS live up to its billing and shake up the world of mobile devices? 
Judge for yourself with the help of Chris Haseman'’s new book Android Essentials from Apress. 
Intended for professional software engineers seeking to move their applications into the mobile 
space, this book is a “no-frills, no-nonsense, code-centric run through the guts of application 
development” on Android. Rather than cover the entire Android catalog, Android Essentials 
focuses on only four main topics: the application life cycle and OS integration, user interface, 
location-based services and networking. Among other things, readers will learn how an Android 
application functions and communicates with the handset that hosts it, the complexities of 
timers, services and multimedia playback and much more. 


www.apress.com 


Protecode for Governance and IP Management 


Protecode is a software-development solution for governance and IP management that 
utilizes so-called protecoding, a unique methodology to ensure software pedigree tracking. 
The company says that the latest release “enables commercial software developers and 
open-source creators to accelerate managed adoption of open-source code in a simple, 
painless process”. Protecode automatically generates records of software content, identifies 
and reports associated pedigree and licensing information by checking its properties and 
compliance against an organization's policies, establishing IP ownership and creating a 
software Bill of Materials (BOM). The tool brings forward the detection of license policy 
violations to the developer's desktop, where they can be addressed before becoming deeply 
embedded into the product. A complimentary one-year subscription to Protecode currently 
is available to anyone working actively on an Eclipse Project. 


iat) 


www.protecode.com 


Please send information about releases of Linux-related products to newproducts@linuxjournal.com or New Products 


c/o Linux Journal, 1752 NW Market Street, #200, Seattle, WA 98107. Submissions are edited for length and content. 
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Fresh from the Labs 


PlayStation 
Portable Video 
Converter (PSPVC) 


(pspvc.sourceforge.net) 


First off is a handy tool for all you fellow 
PSP owners out there. PSPVC allows you 
to convert a video file into the PSP's native 
format and take care of its mandatory 
file-naming scheme. According to PSPVC's 
Web site: “PSPVC is an FFmpeg front end 
for converting video files for the PSP. It 
allows you to queue several conversions 
with different parameters for each. It 
supports MPEG-4/SP (all firmware) and 
H264/AVC (firmware 2.0+).” 


Filename Thomeinhojimpegetcitiine inch Nals - Perfect Drug a frowse 


Tale Nine inch Nails « Perfect Orug 
Profile LD H264 (VC (1.6/9) 4800272 vow 384kb abe Gakb | Fj 


volume 100 > % 
PSP Riename MAQ |10010 


PSPVC—PSP owners now can convert their 
videos with ease with this nice little application. 


Installation PSPVC is available 
with certain distro repositories, but 
I'm running the bleeding-edge source 
version. In terms of requirements, 
PSPVC isn't too picky and uses fairly 
common libraries for most multimedia 
systems, including nasm, libfaac, 
liba52, lioxvidcore and GTK+ 2.0. 
However, you also need the develop- 


(as root or with sudo): 
# ./install.sh 


If you're lucky, the install script 
should configure and compile itself in 
one long go. If it gets stuck partway 
through, it probably needs a library, 
and it will let you know in an error 
message. Once the script is finished, 
a menu entry usually appears under 
Multimedia—PSPVC - Video Converter, 
or you can start it by entering pspvc at 
the command line. 

Usage Once loaded, the first 
thing you need to do is choose a 
video file to convert. The first field 
has a Browse button next to it, so 
choose the file you want to convert 
from there, and click Open. The file is 
loaded into the main screen, and you 
are given a number of options from 
which to choose before conversion. 
The first is called Profile, where you 
can select the video's aspect ratio 
(16/9 for widescreen or 4/3 for the 
older full-screen format), bitrate 
and codec. If you choose MPEG-4/SP, 
it will work on any PSP. However, 
selecting H264/AVC gives you better 
quality, but works only on PSPs that 
have had a firmware upgrade since 
version 2.0. 

If the video's volume is too loud or 
quiet, the Volume field allows you to 
adjust it before encoding starts. The PSP 
Filename field is the trickiest; it contains 
the MAQ number, which makes you 


PSPVC allows you to convert a video file into 
the PSP’s native format and take care of its 
mandatory file-naming scheme. 


ment packages for these multimedia 
libraries—named in the style of 
liba52-dev, libfaac-dev and so on— 
although this may not be the case if 
you are using a source-based distribution 
instead of a binary one. 

Grab the installation tarball from 
the project’s Web site, and extract it 
to a new directory. Enter the new 
pspvc-install directory, open a terminal 
there, and enter the following command 


choose a filename number that hasn't 
already been assigned in your PSP's 
video folder. This requires you to plug in 
your PSP, look under the video folder 
(my PSP uses mp_root/100mnv01, but 
yours may differ) and choose a number 
that doesn’t appear on any filenames, 
if you already have some files in there. 
If there's nothing there to begin with, 
10001 will do fine; otherwise, choose 
a new number. 
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Once all the options are out of the 
way, press Convert. A new window 
appears showing the conversion pro- 
cess, and a thumbnail generator lets 
you see a preview of the video you are 
converting. Once the conversion is fin- 
ished, your new video will be sitting in 
the same folder as the video you chose 
to convert. Copy this new file to your 
PSP’s video folder along with its corre- 
sponding videoname.thm file, and your 
new video is ready to play. 

All in all, PSPVC is a simple and 
pain-free application that even has an 
easy compilation process. If you're a 
PSP owner, I’d put PlayStation Portable 
Video Converter in the must-have 
category. Hopefully, it will appear in 
most distro archives soon. 


PCManFM— 
Lightweight 
File Manager 


(pcmanfm.sourceforge.net) 


PCManFM is a lightweight file man- 
ager that is both quick to load and 
easy to use. It includes tabbed brows- 
ing and device viewing, and it may 
well scratch an itch for those who 
like things streamlined. Here’s the 
feature list, according to the project's 
Web site: 


m@ Extremely fast and lightweight. 


@ Can be started in one second on 
normal machines. 
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PCManFM—Fast and Light File Management, 
with Tabbed Browsing 


@ Tabbed browsing (similar to Firefox). 


@ Built-in volume management 
(mount/umount/eject through HAL). 


m@ Drag-and-drop support. 
@ Files can be dragged among tabs. 


@ Loads large directories in a reasonable 
amount of time. 


m File association support 
(default application). 


@ Thumbnails for image files. 
@ Bookmark support. 


@ Handles non-UTF-8-encoded 
filenames correctly. 


@ Provides icon and detailed list views. 


m@ Standards-compliant (follows 
FreeDesktop.org). 


@ Clean and user-friendly interface 
(GTK+ 2). 


Installation Aside from the usual X11 
libraries, here are the needed dependen- 
cies, as stated on the project's Web site: 

@ automake >= 1.9. 


@ libgtk2.0-dev >= 2.6. 


@ libglib2.0-dev >= 2.6 (2.10+ is 
highly recommended). 


@ libgamin-dev or libfam-dev (lipgamin 
is preferred). 


@ libstartup-notificationO-dev. 


@ libhal-dev (required when the 
--enable-hal configure option is used). 


@ libdbus-1-dev (required when the 
--enable-hal configure option is used). 


@ libhal-storage-dev (required when 
--enable-hal configure option is used). 


Once you have the dependencies 
out of the way, head to the Web site, 
grab the latest tarball and extract it to a 
new folder. Open a terminal in the new 
folder, and do the usual: 


$ ./configure 
$ make 


And, as root or with sudo: 
# make install 


It should work without any issues, 
and if it doesn’t, the configure script 
should pick up any snags. 

Usage Once the installation fin- 
ishes, PCManFM can be started either 
by entering pcmanfm at the command 
line or by going to Utilities +PCMan 
File Manager. Once inside the main 
screen, you'll notice two panes. The 
left contains links to your home 
folder, the desktop and your storage 
devices. The right contains all of your 
files and folders. For tabbed brows- 
ing, you can go to File—New Tab, or 
press Ctrl-T. You can open a new win- 
dow by selecting File+New Window 
or pressing Ctrl-N. 

For further usage exploits, | rec- 
ommend tweaking the settings under 
Edit—Preferences. Here you can 
change things such as colors and icon 
and font sizes, but most important, 
you can define which terminal you 
want to load via a shortcut, such as 
xterm, eterm and so on. Once this is 
set, when you are browsing around 
any folders, pressing F4 or choosing 
ToolOpen Terminal opens a new 
terminal that already is pathed to the 
folder in which you're sitting. 

Ultimately, PCManFM is the best 
lightweight file manager I've used so 
far. It has a feel reminiscent of a 
streamlined Konqueror, and | recom- 
mend it to anyone who needs a file 
manager that is light on resources. 
For any lightweight distro builders, | 
also recommend trying this as your 
default file manager—the interface is 
very intuitive and familiar. 


Xfburn—XFCE 
CD Burner 


(www.xfce.org/projects/xfburn) 


Finally, we have a CD-burning applica- 
tion for fans of the Xfce desktop, or 
even for those wanting a nice but 
light application for slower machines. 
According to its Web site, “Xfburn is a 
simple CD/DVD-burning tool based on 
libburnia libraries. It can blank CD-RWs, 
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Xfburn—Very K3b-ish but without the Bulk 


burn and create ISO images, as well as 
burn personal compositions of data to 
either CD or DVD. It is currently under 
heavy development.” 

Installation Xfburn is available in 
some repositories, but as usual, it's 
typically an older version (I’m compil- 
ing 0.3.0 at the moment; at the time 
of this writing, the Ubuntu servers 
have version 0.2.0). Running with the 
source version, there are a few picky 
requirements, but not too many. Like 
almost all Linux apps designed for a 
certain desktop, they can be run in 
any desktop you like, but you need to 
have some of the original desktop's 
libraries installed. So yes, install Xfce 
while you're there. 

As for other dependencies, the 
configure script whined about libburn 
and libiosfs, which | installed from the 
Ubuntu archives, but that didn’t work. 
The Web site mentions libburnia, which 
| couldn't find in the archives at all, so 
| actually grabbed the source for libisofs 
and compiled that, which did work 
(the libburnia/libisofs home page is at 
libburnia-project.org). The last thing 
the configure script niggled about was 
something called exo, which was fixed 
when | installed libexo and libexo-dev. 
After that was all sorted out, it was 
smooth sailing from there. 

So, grab the latest tarball, extract it, 
open a terminal in the new folder and 
do the usual: 


$ ./configure 
$ make 


And, as root or with sudo: 
# make install 


Usage On what must be a record 
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string of luck, Xfburn was the third 
app in a row to install itself in the 
menu. Check under Utilities~Xfburn. 
If it’s not there, enter xfburn at the 
command line. For me, first impres- 
sions were of a slimmed-down K3b, 
and if you’re finding this strangely 
reminiscent of that last PCManFM 
section, you're right. This is another 
one of those instant-loading pro- 
grams that doesn’t contain a zillion 
warning messages upon startup, and 
it has functional aesthetics without 
being ugly and GNOMEish (yes, | said 
it—send all hate mail to the address 
at the end of this article). 

However, usage still is fairly 
restricted for the moment. As you can 
see from those three big buttons at 


the start, you currently are limited to 
“Burn Image, New Data Composition 
and Blank Disc”. Any new projects 
are opened in new tabs, K3b style, 
leaving the welcome screen at the 
first tab, allowing you to continue 
with more burning tasks. The Preferences 
section is clean and simple, and it lets 
you scan for devices without any of 
the manual trickery you may expect 
from a lightweight application. The 
nicest touch | found was the drop- 
down box toward the bottom right 
of the screen when composing a new 
disc that lets you choose whatever 
size disc you are using on the fly— 
very refreshing. 

For the moment, this application is 
quite limited in that it's data-only for 


Projects at a Glance 


QBrew 
Home Brewing Calculator 
(www.usermode.org/code.html) 


For the lucrative free-as-in-beer 
Linux drinking market comes the 
home brewing calculator QBrew. 
Full of great technical stuff like 
mash content, something called 
the Morey color calculation, pre- 
sets for all kinds of beers/ales 
across the globe, and the thought- 
ful ability to change between 
metric and imperial, this project 
is a must for any home brewers 
out there. 
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Knitter 
3-D Knitting Tool 


(knitter.sourceforge.net) 


Are you bored with the usual pat- 
terns in supermarket magazines and 
looking for something more hard- 
core? Well for you knitting maniacs, 
Knitter is a 3-D knitting tool that 
runs on Linux, Windows and Mac 
OS. With Knitter, you can preview 
patterns in full wire frame 3-D and 
even account for factors such as 
gravity with a new physics engine. 
So for all you hard-edged, danger- 
ous knitting mavericks, rock on! 


Knitter 


now (no audio CDs or video DVDs), 
but it still is in heavy development. 
The development team has made the 
wise choice of making the program 
very modular and scalable, allowing 
them to add bits later but keep 

the mechanics tight on what they 
have coded for now. Again, for any 
lightweight distro builders, this is a 
neat choice, and once development 
has added further functionality, 
Xfburn and PCManFM would make a 
formidable combination for everyday 
desktop usage.m 


John Knight is a 24-year-old, drumming- and climbing- 

obsessed maniac from the world’s most isolated city—Perth, 
Western Australia. He can usually be found either buried in an 
Audacity screen or thrashing a kick-drum beyond recognition. 


TkResolver++ 
Telekinesis Testing Software 
(pkl.net/~node/software/tkresolver) 


Now for the most literal case of 
mind-bending software I've seen. 
This scientific experiment draws a 
line down the screen that’s influ- 
enced directionally by a random 
number generator. Your job is to 
try to influence the line’s behav- 
ior with your mind, and the pro- 
gram records the results, which 
can be compared to other opera- 
tors’ statistics around the globe— 
just don’t bend your monitor's 
cathode ray. 


TkResolver 


Brewing something fresh, innovative or mind-bending? Send e-mail to knight.john.a@gmail.com. 
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The Official User Conference of The Apache Software Foundation 


Leading the Wave of Open Source 


November 3-7, 2008 
Sheraton Hotel | New Orleans 


Bringing Users, System Administrators, Enterprise Business Developers 
and Architects together with ASF Members and Committers to 
meet, geek and create the future of Open Source. 


( o » Aeocheo pw ANNOUNCING the co-location of 
Open For Business OFBiz Symposium 


OFBiz.Apache.org Project 
The Apache Open For Business Symposium will offer an in-depth Training, along with two days of 
Business and Technical Sessions, covering innovations, developments, and opportunities in Open 
Source technology through the creation and collaboration of specialized applications. 


ApacheCon and OFBiz Symposium, five days of Open Source at it’s finest! 
Internationally-Recognized Speakers, Presenters, and Instructors | In-Depth Trainings and Presentations 
“First-Looks” at Groundbreaking New Technologies | Apache from A to X | BOF Sessions. . . and more! 


Special Events Include: 
Hackathon, BarCampApache, Business Panel, Receptions, Hadoop Camp, Lightning Talks, 
PGP Keysignings, Fast Feather Tracks, and a “Voluntourism Project” to help rebuild New Orleans! 


Experience the future of Open Source 


ofp Ltn /eeerus-apachecon.com | ofp 


Sign Up Today! 


Receive 10% Off Full Conference and Single Day Passes 


(To receive the 10% discount, use discount code “Community”; Training Sessions Excluded) 
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apc © ee 


invent HIPPO 


@>-y LINUX es WS@ 


IONA spring YAHOO! 


$0 0 0F 


on ran hee ee 


REVIEW 


SOFTWARE 


Simplifying Backups with 
Zmanda Recovery Manager 


An easy-to-use yet comprehensive backup and recovery solution for MySQL 
databases is at the top of every DBA’s wish list. ALOLITA SHARMA 


Most modern enterprises process 
immense amounts of data as part of 
their day-to-day operations. On-demand 
access to this data is critical, and most 
enterprises invest heavily in relational 
database technologies to manage their 
data. Cutting-edge technologies at 
cost-effective prices have led many 
enterprises to adopt open-source 
databases such as MySQL. As a result, 
MySQL has become a core component 
of many data management solutions. 
Traditionally, backup of data stored 
in relational databases like MySQL has 
been an art form, practiced by database 
administrators who have relied on a 
mix of command-line wizardry, custom 
scripts and, sometimes, just sheer luck. 
Successful data recovery often is seen as 
black magic, or almost. Not surprisingly, 
most backup and recovery strategies 
emphasize the backup phase, but they 
don’t actually test whether data can be 
recovered successfully when it's needed. 
Zmanda, Inc., a startup based in 
Sunnyvale, California, aims to bring san- 
ity into the backup and recovery process 
of MySQL databases by incorporating 
industry best practices in its product— 
Zmanda Recovery Manager (ZRM) for 
MySQL. Zmanda’s strong expertise in 
open-source backup and recovery soft- 
ware comes from many years of work 
by the company’s core engineers on the 
award-winning Amanda open-source 
backup system, a project started at the 
University of Maryland back in 1991. 


What Is the Zmanda Recovery 
Manager (ZRM)? 

ZRM provides a comprehensive open- 
source solution for backup and recovery 
of MySQL databases. ZRM eases day- 
to-day backup and recovery tasks with 
its Web-based Zmanda Management 
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Figure 1. Summary of Backup Parameters in Zmanda Management Console 


Console (ZMC). The management 
console integrates with the Zmanda 
Network to provide on-line documen- 
tation and other support services for 
ZRM. Because it is open source and 
supports common standards, as well 
as open data formats for backups, 
ZRM frees you from vendor lock-in. 
ZRM's command-line interface (CLI) 
integrates well into existing backup 
and recovery processes. 

Enabling advanced backup and 
recovery practices, ZRM provides 
Continuous Data Protection (CDP) for 
MySQL by combining filesystem-level 
snapshots along with data from MySQL 
binary logs. Filesystem snapshots help 
reduce database server downtime, 
especially when working with large 
databases. ZRM uses a flexible frame- 
work of plugins for snapshotting LVM, 
NetApp SnapManager, Windows VSS, 
Veritas VxFS and Solaris ZFS. Plugins for 
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NetApp SnapManager and Veritas VxFS 
are sold separately. 

Zmanda offers three versions of 
ZRM for MySQL: the ZRM Enterprise 
edition, ZRM Cluster edition and ZRM 
Community edition. The Enterprise 
edition includes a graphical installer, 
Zmanda Management Console, 
command-line interface and plugin 
framework. Three levels of support 
(Basic, Standard and Premium) are 
available for Enterprise edition cus- 
tomers. An annual subscription with 
basic support starts at $300 (US). 
Customers using the NDB storage 
engine with MySQL Cluster can take 
advantage of the ZRM Cluster edition. 
The Community edition is a freely 
downloadable subset of the Enterprise 
edition, licensed under the GNU 
GPLv2, which supports LVM snapshots 
but does not include the ZMC and 
the graphical installer. 


Zmanda REcovery Manager for MYSQL 2-2 installation 


zmanda 
Open Source 
Backup 


Setup - Zmanda Recovery Manager for MySQL 


Welcome to the Zmanda Recovery Manager for 
MySQL Installation Wizard. 


This wizard will install Zmanda Recovery Manager 


for MySQL server, client, and Zmanda 
Management Console (ZMC) software including all 
dependencies and additional components such 


ZRM for 


as MySQL, PHP, Perl and an Apache web server. If 


you already have any of these components 


MySQL 


Enterprise 


installed, this wizard WILL NOT modify your existing 
configurations. 


Created with an evaluation version of BitRock 


InstallBuilder 


< Back | | Next > | | Cancel | 


Figure 2. The graphical installer makes setting up ZRM a piece of cake. 


Review Environment 

| evaluated the Zmanda Recovery 
Manager for MySQL Enterprise edition 
version 2.2. The test platform (ZRM 
server) was Red Hat Enterprise Linux 
5.1 installed on a PC with an Intel Dual 
Core 3GHz processor, 4GB of system 
memory and a 750GB SATA hard disk. 
| installed MySQL Community Server 
version 5.0.51a-0 locally on the ZRM 
server as well as on another PC with 
Ubuntu 7.10 server installed. With this 
configuration, | was able to test ZRM’s 
ability to back up from and restore to 
local and remote MySQL servers. Note 
that MySQL versions 4.1.x are also 
supported by ZRM. Finally, | set up my 
test databases on a 50GB LVM (Logical 
Volume Manager) partition to test 
ZRM's hot backup capabilities. 


Installing ZRM 

Zmanda provides installation packages for 
ZRM on Red Hat Enterprise Linux, SUSE 
Linux Enterprise, Fedora, CentOS, Solaris 
and OpenSolaris. To install ZRM, down- 
oad the ZRM graphical installer binary 
executable and ZRM license key file 
from the Zmanda Network site. The 
icense key file has to be placed in 
/etc/zmanda/zmanda_license. A full 
installation of the ZRM Enterprise edition 
includes command-line tools, a MySQL 
server instance for use by ZRM, an 


Apache Web server instance for ZMC and 
a PHP 5.2.x and Perl 5.8.x environment. 
Getting ZRM up and running is easy, 
if you're familiar with a MySQL environ- 
ment on Linux. A couple minor but 
necessary post-installation tasks included 
setting up sudo permissions for the 
mysql system user and creating a MySQL 
server user account with the right privi- 
leges to perform backups and restores. 


Zmanda Management Console 
The ZMC is a Web-based interface that 
acts as a control panel for managing the 
backup and recovery process end to end. 
Each major function (for example, Backup, 
Monitor, Report, Admin and Restore) is 
represented by a tab and corresponding 
panel in ZMC's interface. A key concept to 
understand while using the ZMC is that of 
a “backup set”. A backup set defines a 
group of databases or tables in a database 
on a MySQL server. Once a backup set has 
been defined, a ZMC user can configure 
various actions for that backup set. To 
help you get a feel for ZRM, the following 
sections highlight ZRM functions accessi- 
ble through the ZMC. 


Backup 

ZRM provides several ways to back up 
MySQL. Important factors to consider 
when choosing the best way to back up 
a MySQL database include database 


availability during backup and the size 
of your database. 

Logical backup should be considered 
if you're looking for flexibility. A logical 
backup captures the output of the 
mysqldump utility and supports all 
MySQL storage engines except NDB. 
You can restore a logical backup to a 
platform different from the original. 
For example, a backup of a MySQL 
database running on an RHEL x86 
system can be restored to a MySQL 
database running on a Solaris Sparc sys- 
tem. However, the flexibility of a logical 
backup comes at a price. MySQL tables 
are read-locked during backup. Also, 
restoring a large database can be slow, 
as SQL statements are used to re-create 
the database. Furthermore, the size of 
the backup can be larger than the actual 
database or table being backed up. 

Raw backups should be considered if 
you want minimal database downtime 
or if your database size is really large. 
Raw backups can take advantage of 
filesystem-level snapshots to shorten 
backup times. Also, the backup size of a 
raw backup is the same as the size of 
the data being backed up, but a raw 
backup is restrictive because it can be 
restored only to the exact MySQL server 
version on the same kind of platform. If 
you have a large database and/or high 
transaction volume, you should consider 
using the quick snapshot option to 
reduce backup time further, because the 
filesystem snapshot becomes the backup 
and is not copied to the ZRM server. 
Note that on Linux, LVM snapshotting is 
supported only for local MySQL backups. 

ZRM makes it easy to run a mix of 
full or incremental backups. Full back- 
ups include all data in a database, 
whereas incremental backups capture 
the changes since the last successful 
backup. Incremental backups require 
that binary logging is enabled on the 
MySQL server. 

If data security is a requirement, ZRM 
can utilize SSL for remote backups, and it 
can encrypt backup images using standard 
encryption tools, such as GnuPG. 

| tested ZRM's backup functionality by 
running variations of full and incremen- 
tal, logical and raw (with the quick snap- 
shot option) backups of a million-record 
database table. The backups completed 
without any problems, and | was able to 
verify this using the summary report page 
under the Report tab in the ZMC. 
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Q&A with Zmanda 


We talked with Chander Kant, 
CEO and cofounder of Zmanda, 
as well as Paddy Sreenivasan, VP 
of Engineering and cofounder of 
Zmanda, about ZRM, open-source 
backup and growing an Open 
Source community. 


AS: Why should customers look at 
Zmanda Recovery Manager and 
open source? 


CK: Although products based on 
open source and open standards 
almost always come with lower ini- 
tial cost of acquisition, the greater 
benefit is achieved over the life cycle 
of the deployment. Inherent free- 
dom provided by open products 
enables IT managers to lower the 
cost of ongoing maintenance signifi- 
cantly. Let’s say your organization is 
using an operating system that is 
popular today, but becomes out of 
favor in a few years’ time. It is possi- 
ble, actually probable, that a propri- 
etary backup vendor will withdraw 
support for this unprofitable operat- 
ing system. This would force you to 
make a choice between either using 
some ad hoc mechanism to back up 
that system or to replace the system 
with a different OS—both costly 
choices. Open Source communities 
are known to provide support for 
older (and sometimes obscure) 
platforms. Furthermore, the source 
code is available to compile or 
recompile the software for a 
particular operating system. 


Future profitability of proprietary 
software vendors depends on lock- 
ing in customers to their proprietary 
formats and components. For exam- 
ple, if you use proprietary backup 
products to write to a tape, the only 
way to recover data from that tape 
is to use the same (and in most 
cases, the exact version of the) prod- 
uct. If you were restoring from the 
tape seven years from now, you'd 
better have the specific version of 


the product lying around with a 
valid license or be ready to pay a 
premium price to recover your own 
data. In contrast, data backed up 
with Zmanda’s products is always in 
an open format. Customers can 
recover their data even without 
using our products (of course, it is 
easier to recover if they do use our 
products). Also, the data can be 
repurposed for other applications 
(such as e-discovery). 


AS: How did you come up with the 
idea of building an open-source 
database backup solution? 


CK: We are the leading open-source 
backup company. For any backup 
company to be interesting for cus- 
tomers, you need a good database 
backup story. For us, it was a clear 
choice: MySQL is the leading open- 
source database—we had to be 
the core backup solution provider 
for MySQL. 


AS: Why did you start Zmanda? 
How did you come up with 
the name? 


CK: The company was founded 
around the Amanda open-source 
backup community. But we always 
wanted to do more than Amanda 
(such as our ZRM product line). So, 
we flipped A to Z and came up with 
Zmanda. Our slogan is that we are 
the “A to Z of Backup”. 


AS: What are your plans to provide 
a VMware virtual image of ZRM? 


CK: We are going to start offering a 
VM for the ZRM Community edition 
and see how the adoption goes. We do 
think it makes a lot of sense for ZRM 
to be shipped as a virtual appliance. 


AS: Can you tell us what's on ZRM's 
road map? 


CK: ZRM is growing in multiple 
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directions. ZRM will be supported 
natively on Windows in an upcom- 
ing release. Today, you can back 
up MySQL running on Windows; 
however, you need a Linux server 
to run the ZRM core engine. Also, 
ZRM will be expanded to support 
MySQL-based applications, such as 
SugarCRM, MediaWiki and so on. 
So, not only will ZRM be able to 
back up the underlying MySQL 
database, but it also will be able 
to back up the surrounding 
environment—for example, a 
SugarCRM administrator simply 
can push one button for overall 
backup and recovery. 


AS: What Linux distributions are 
supported by ZRM today? 


PS: ZRM supports practically all RPM- 
based distributions. We also support 
other platforms like Mandriva and 
FreeBSD in our Community edition. 
Although we do not have a graphical 
user interface and installer for these 
platforms, we do provide default 
configurations that will allow you 
to do backups right away. 


AS: How large and active is 
ZRM's community? 


PS: The ZRM community is a mix of 
thousands of developers and end 
users. ZRM is written in Perl, and its 
architecture is plugin-based. This 
encourages more contributions from 
MySQL DBAs. Our engineers monitor 
forums actively, and usually you can 
expect a response within a day. We 
see thousands of downloads each 
month, and the community is active 
in suggesting features and answer- 
ing questions. We have had 
numerous contributions from 

ZRM users/developers. 


Users or developers from the com- 
munity can become involved with 
Zmanda in many ways. They can 
contribute to the wiki, post or 


answer questions on our 
on-line forums and, of 
course, contribute by trying 
the products, providing QA 
feedback and patches. 


AS: How often can users 
expect a release of ZRM 
Enterprise edition or the 
ZRM Community edition? 


PS: We do a release of the 
Enterprise edition once every 
3-4 months. Usually a release 
has a combination of new 
features, new platforms sup- 
ported and bug fixes. On the 
other hand, the Community 
edition has no fixed schedule. 
We have done 13 (major and 
minor) releases in about 24 
months. Critical security bugs 
are fixed within 24 hours. 


AS: What does Zmanda 

expect to gain by making an 
open-source Community edi- 
tion of ZRM freely available? 


PS: We are an open-source 
company. We believe in 
bringing the best of open 
source to the enterprise as 
well as contributing to open 
source to make it enterprise- 
ready. We gain a good under- 
standing of MySQL DBA work 
flows and features needed. 
Of course, the Community 
edition is the proving ground 
for our features. And, it helps 
us recruit good engineers. 


We have made significant 
contributions to open source. 
Our contributions are not just 
in development. We maintain 
source trees, a bug-tracking 
system and documentation, 
and we help evangelize ZRM 
using Webinars, presenta- 
tions, whitepapers and 
contributing to books. 


Monitoring 

ZRM's monitoring function presents 
valuable information about the most 
recently run backup job as well as about 
currently running jobs. Information 
includes how much time the backup 
took, backup size and any warning or 
error messages. This feature was very 
helpful when tracking the progress of 
long-running backup jobs. 


Reporting 
ZRM provides excellent reports that 
analyze the details about backup and 
restore jobs, including summary reports, 
custom reports, predefined reports and 
data integrity reports. ZRM Enterprise 
edition provides nine predefined reports 
and allows customized reporting using 
30 preset data fields. You can use ZRM's 
reporting data within other applications 
via RSS feeds. You also can configure 
ZRM to send e-mail alerts about the 
status of backup jobs. 

| found the Backup Application 
Performance Report to be quite useful, 
because it provides stats about the amount 
of time that tables were read-locked and 
the total backup time. This information 
could help a DBA schedule backups to 
avoid peak periods of database usage. 


Administration 

ZMC’'s administration function lets 
you define and manage users, manage 
backup sets, set up ZRM site defaults and 
customize ZMC preferences. ZMC imple- 
ments role-based access control where 
users can be defined as an operator or an 
administrator. Administrators can manage 
all backup sets on the ZRM server; 
however, operators can manage only 
the backup sets they own. 


Recovery 
ZRM simplifies the full or incremental 
recovery of lost data. Using ZMC, you 
select a backup set to be restored and 
specify a MySQL server to which to 
restore. If you want to verify your data 
manually after recovery, ZMC provides 
an option to shut down the MySQL 
server after recovery is complete. 
Another option is point-in-time 
recovery, which lets you restore data 
selectively. Using the Visual Log 
Analyzer in ZMC, you can perform 
incremental recovery by specifying a 
given point in time or a binary log posi- 
tion up to which you want to recover. 


To test ZRM's recovery functionality, | 
successfully restored the backups creat- 
ed from earlier tests. | also successfully 
restored the quick snapshot raw backup 
image of my million-record table to my 
remote MySQL server. 


Help 

Even though the ZMC interface is relatively 
easy to understand, you may need more 
information about a specific ZRM feature. 
Fortunately, ZMC provides context- 
sensitive on-line documentation through 
the Zmanda Network. Other helpful 
resources include the Zmanda Wiki, 
forums and blogs. Zmanda’s active on-line 
community is helpful and responsive. 


A Star in the Making 

Zmanda Recovery Manager provides a 
robust, open and cost-effective backup 
and recovery solution for organizations 
relying on MySQL for their critical data. 
ZRM simplifies an otherwise intricate 
process of backup and recovery by 
managing complex open-source utilities 
through its Web-based console. 

As with any evolving product, there 
always is room for improvement. Here 
are some of my suggestions: a smarter 
graphical installer that automates post- 
install tasks done manually today; a 
more sophisticated management con- 
sole that enhances the user experience; 
snazzier graphical reports (think Google 
Analytics); and a ZRM virtual appliance 
(VM image) for easier deployment in 
virtualized environments. 

Try out ZRM's open-source Community 
edition today. You'll see how effortless 
MySQL backup and recovery can be.m= 


Alolita Sharma has been involved with open source since 
the early days of Linux. As a software engineer and industry 
consultant, she promotes innovation through open source. 
She is cofounder and CEO of Technetra and OSI Board Member. 
She can be contacted at alolita.sharma@gmail.com. 


Resources 


Zmanda Recovery Manager: 
Wwww.zmanda.com/backup-mysql.html 


Zmanda Network: network.zmanda.com 
ZRM Wiki: mysqlbackup.zmanda.com 


ZRM Forums: forums.zmanda.com 
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POWER UP 
YOUR E-MAIL 


WITH MUTT 


Tired of your e-mail client hogging all your system resources? 
Experience the low-cost power of Mutt. 


"my -Mail—one of the Internet's first joys and evils. 
: pa It brings us closer but forces us to weed 

— through clutter, distractions and snake oil 
salesmen. Parsing and organizing the data 
is a tricky task. As with most jobs tricky and 
—_ time-consuming, people marry a favorite tool. 
Presumably, you have an e-mail reader you hold dear to your 
heart. Nevertheless, | suggest you cheat on Thunderbird, 
Evolution or KMail for a day and experience the power of 
Mutt, the e-mail client underdog. 

Mutt is a feature-rich, lightweight, text-based e-mail client. 
Yes, it's text-based. Don’t let Mutt’s simple presentation fool 
you. The text-based display is a feature, providing a customiz- 
able, concise viewport. The Mutt e-mail client will play nicely 
with remote IMAP, POP3 and SMTP servers. SSL connections 
also are supported. Whatever features Mutt does not provide, 
other tools, such as address books, Web browsers, document 
viewers and more, can be leveraged to enhance Mutt’s 
innate abilities. So, why all the fuss when most e-mail 
clients can do the same? Mutt is faster, more customizable 
and less resource-intensive. 

Need to sort quickly through hundreds of e-mail messages 
a day? Find that your current e-mail client takes up too much 
screen real estate? Maybe your e-mail client consumes too 
much memory? Do you want better e-mail threading for all 
those mailing lists to which you belong? Are you a system 
administrator who regularly needs a quick way to test e-mail 
servers? Tired of dealing with your laptop's mouse pad to read 
and send e-mail? Want to use Vim or Emacs to compose your 
e-mail? If any of these apply, Mutt will seduce you. 

The first obvious advantage of Mutt is its small memory 


femal 


54 | september 2008 www.linuxjournal.com 


footprint. Below, | show the memory usage of KMail, 
Thunderbird, Evolution and Mutt on my system: 


VIRT RES SHR %MEM COMMAND 
156m 37m 19m 3.7  thunderbird-bin 
161m 33m 19m 3.3 evolution 


96352 23m 17m 2.3 kmail 
14548 6092 3180 0.6 mutt 


Mutt uses only a fraction of the memory used by most 
popular e-mail clients. So, if you are using older hardware, 
Mutt may speed up your computer by freeing some memory. 
Either way, Mutt will not hog your system’s resources. 

Another advantage of Mutt is the text-based display. For 
one, the interface is highly customizable. All fields and colors 
can be changed to meet your demands. Color new e-mail 
messages green and deleted messages red. Produce pretty, 
threaded message views. Anything is possible. 

Mutt has it all and through a shell, no less. No longer 
will you need to open up IMAP access to your private server. 
Instead, ssh into the server and run Mutt. 

Before | go into Mutt’s other features, let’s configure 
Mutt, so you can take a test drive. In this article, | focus on 
how to configure Mutt to work with an IMAP server. For 
my examples, | use Gmail's IMAP service. Because Gmail is 
a public, freely available service, everyone should be able to 
follow along. If you have another IMAP server you want to 
use, change the settings from my examples to match your 
IMAP server's configuration. If you are using Gmail, make 
sure you enable IMAP access to your account in Gmail’s 
Settings—Forwarding and POP/IMAP. 
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9 To Shawn Powers ( 1) asfdasdf 
19 To Shawn Powers ( 1) This is a test 


( 1) You've won the UK Lottery! 
19 Donna Powers (| @K) Buy Milk, bring it home... 
19 To spowers@tech ( OK) Don't forget your anniversary 
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FEATURE Mutt 


Mutt Quickstart 


First, install Mutt. | recommend using Mutt 1.5.17 or newer. LISTING 1. Sample .muttre File 
Features | discuss here, such as IMAP header caching, are not 
available in older Mutt releases. Chances are, your distribution # Local folder 
has the latest and greatest. So, use yum, apt-get or compile set mbox_type=Maildir 
the source code from www.mutt.org. If your custom binaries set folder=~/Mail 
ever produce warnings about unknown features, check that 
you have all necessary options enabled in the compile’s # IMAP Settings 
configure step. set realname="Victor Gregorio" 
Before running Mutt the first time, let's configure your set from="Victor Gregorio <contactvictorg@gmail.com>" 
IMAP connection. Create and edit a ~/.muttrc file, and add set imap_user=contactvictorg@gmail.com 
the following configuration options (make sure to fill in your set folder=imaps://imap. gmail.com 
account specifics): set spoolfile=imaps://imap.gmail.com/ INBOX 
set record=imaps://imap.gmail.com/Sent 
set from="YOUR NAME <USER@gmail.com>" set postponed=imaps://imap.gmail.com/Drafts 
set imap_user=USER@gmail.com mailboxes =INBOX # check for new email here 
set imap_pass=PASS set header_cache=~/.mutt_cache 
This sets your From line and IMAP user login. If you are # Reading Nail 
not comfortable with your password being in plain text on set timeout=10 
the filesystem, do not set imap_pass in your ~/.muttrc. If set mail_check=5 
imap_pass is not set, you will be prompted for a password set sort=threads 
when you execute Mutt. set sort_aux=date 
Next, set your folder, the default location of your mailboxes. set move=no 
You also might want to set the spoolfile to your Gmail Inbox, set mark_old=no 
so that Mutt opens it automatically: ignore * # ignore all headers except for ... 
unignore Date: From: To: CC: Bcc: Subject: 
set folder=imaps://imap. gmail.com hdr_order Subject: Date: From: To: CC: Bcc: 
set spoolfile=imaps://imap.gmail.com/INBOX set index_format="%{%b %d} %-15.15L [%Z] %s" # custom index format 
Then, configure Mutt to save sent mail, or your record, into # Composing Mail 
a Gmail folder named Sent. You also might want to configure set editor="vim" 
a Draft, or postponed, folder: set _markers=no 
set signature=~/.sig 
set record=imaps://imap.gmail.com/Sent set include=yes 
set postponed=imaps://imap.gmail.com/Drafts set forward format="Fwd: %s" 
Make sure to enable header caching, or Mutt will have to # Sending Mail 
download all of your Inbox's headers upon each execution: set copy=yes 


set smtp_url="smtps://contactvictorg\@gmail.com@smtp.gmail.com/" 


set header_cache=~/.mutt_cache 


Pretty Colors 


Finally, you need to configure smtp.gmail.com as your or status white blue 
SMTP server. By default, Mutt delivers e-mail using or index green default ~N # new 
/usr/sbin/sendmail -oem -oi. In your case, use Gmail's or index red default ~D # deleted 
SMTP server so that the e-mail envelope looks legitimate. index brightmagenta default ~T # tagged 
Otherwise, your message might be flagged as spam for not index brightyellow default ~F # flagged 
originating from gmail.com: header green default "*Subject:" 
header ow default "“Date:" 
set smtp_url="smtps://USER\@gmail.com:PASS@smtp.gmail.com/" header ow default "“To:" 
header ow default "*Cc:" 
Again, leave out :PASS to increase security and enable a header yellow default "ABcc:" 
password prompt for each message sent. header ow default "AFrom:" 
Although these are the basics, the .muttrc file has the header default "X-.#:" 
potential for a slew of options. Listing 1 is my entire .muttrc 
with some additional tweaks. Many of the options are just # View Special Formats 
that, optional. The muttrc(5) man page explains them all, so set mailcap_path=~/.mailcap 
be sure to give it a look. auto_view text/html # auto-render html inline mutt 


Finally, | also configure my ~/.mailcap file so that Mutt 
knows with which applications to open HTML e-mail, PDFs and 
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Figure 2. The Sort Options Available in the Index View 


images. | use w3m to auto-view HTML inline with Mutt. You 
also can use ELinks or Lynx: 


-dump %s; nametemplate=%s.html1; 


‘pdf; /usr/bin/evince 


/usr/bin/display %s 


/usr/bin/disp 


/usr/bin/display 


You are ready! Save all configuration files and run 
mutt. You will have to accept a security certificate from 
imap.gmail.com. If you choose to save the certificate, it 
will be saved in ~/.mutt_certificates. 


Figure 3. Mutt’s View Limited to New Messages 


Put Down the Mouse 

The keyboard is your friend. Mutt is great for laptop users, 
because the heavy lifting is done by typing, not clicking. All 
the power of Mutt is yours without ever taking your hands off 
the keyboard. 

Pressing Enter opens an e-mail message, the | key returns 
you to the mailbox’s index. Use the arrows to move around, 
and press Q to quit just about any screen. 

From the index, use Tab to skip to the next new messages, 
D to delete, F to flag and so forth. The top bar in your display 
will show some commonly used keystrokes. Enter ? to see the 
full list of available commands. 

Color settings in Mutt are particularly useful in the index 
view. If you use the color settings from my example .muttrc, all 
new messages are displayed in green, flagged messages are 
displayed in yellow, deleted messages are red and tagged 
messages are purple (more on tagging later). 


Figure 4. Searching for Messages in Mutt 


Figure 5. Deleting Messages Matching a Regex 


e-mail, here are some shortcuts for managing your Inbox. 
These shortcuts are the seductive draw of Mutt. You can zip 
through your e-mail quickly without ever touching a mouse. 
First, you can sort and order your email by date, thread 
and many other fields by pressing O. Set the default sort 
method in .muttrc using set sort. | prefer to sort by threads 
(set sort=threads), then date (set sort_aux=date). 
Sorting your Inbox by threads opens a new group of 


Figure 1. Mutt’s Colors in Action commands that apply to entire threads. For instance, if you 

want to delete an entire thread, use Ctrl-D while highlighting 
Sort and Search any e-mail in the thread. Delete large threads of e-mail with 
Now that you have access to your IMAP account and can send one keyboard stroke. 
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Figure 6. Tagging Mail Matching a Regex 


For a more concise view, limit your view to a subset of 
messages with the limit command, L. You can limit to unread, 
read, flag and more. All the standard sorting and tagging 
commands work when in a limited view. If you want to see 
your entire Inbox again, limit to all. 

Want to search for a message in your Inbox? If you are 
familiar with Vim, searching through e-mail in Mutt should be 
second nature. Simply press / as you would in Vim, and tell 
Mutt your search string. Searches take the form of regular 
expressions, so regex to your heart's desire! 

Speaking of regex, you can delete, flag or tag using regex 
as well. For instance, to delete all messages matching a 
pattern, press D. Fill in your regular expression match 
pattern and press Enter. With only a few keystrokes, you're 
done. Use F for flagging and T for tagging messages by 
regular expression matching. 


Tagging a Batch Queue 

So, what is all this tagging about? Mutt allows you to tag 
messages that you then can act on in one fell swoop. Think of 
it as a batch queue. Press T to tag messages into the queue, or 
use T to tag using regular expression matching. Then, use ; to 
prefix any command normally available to a single message, 
and all tagged messages will be affected in a batch. 

Once messages are tagged, press ;-D to delete all tagged 
messages, ;-F to flag and so on. Again, pressing ? shows all 
available keystrokes. Imagine how quickly you now can delete 
the hordes of unread mailing-list messages. 


Compose and Send 

Now, let’s send a test message using the Gmail SMTP server. 
Press M to compose an e-mail message. Fill in the To: line, 
then the Subject: line. Your e-mail editor opens automatically. 
Write your message, save and quit. You will see a page that 
allows you to edit the Cc, Bcc and other fields. Finally, press Y 
to send the message. 


Address Book 

Need an address book? No problem. By default, Mutt has sup- 
port for alias, or contact, files. To start using aliases, create an 
empty ~/.mutt-alias file, then source and reference it inside your 
~/.muttrc. Press A to save contacts while using Mutt. You can 
access contacts using Tab from the To, Cc or Bcc entry fields: 
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Figure 7. The Final Screen before Sending Mail in Mutt 


source ~/.mutt-alias 
set alias _file=~/.mutt-alias 


Alternatively, you can use abook. By design, the abook 
address book program integrates with the Mutt e-mail client. 
Install abook using your standard distribution tools, or compile 
the source code available at abook.sourceforge.net. 

Set up a macro for A that calls abook. Macros are powerful 
tools in Mutt. They can pipe data into shell scripts or executables 
and allow for the customization of any keystroke: 


set query_command= "“abook --mutt-query '%s'" 
macro index,pager A "<pipe-message>abook --add-email-quiet<return>" 


With the new macro in place, press A to add a contact into 
your address book. You can query the abook contacts using Q. 


Editors 
Like most Linux power tools, Mutt is specialized. It manages 
e-mail very well and lets other programs worry about most of 
the rest. Editors and spell-checkers live outside of Mutt. 

| prefer to use Vim. But, do you want to use GNU Emacs, 
GNU nano or another editor? Simply set it as your editor inside 
~/.muttrc. By default, Mutt uses the $EDITOR environment 
variable if no editor is defined. 

For spell-checking, | like Vim’‘s spell-check as-you-type 
feature. Use these settings in your ~/.vimrc to underline 
misspelled words in red: 


set spell 
set spell spelllang=en_us 
set spellfile=~/.vim/spellfile.add 


highlight clear SpellBad 

highlight SpellBad term=standout ctermfg=1 
highlight SpellBad term=underline cterm=underline 
highlight clear SpellCap 

highlight SpellCap term=underline cterm=underline 
highlight c 

highlight S$ 

highlight c 

highlight SpellLocal term=underline cterm=underline 


lear SpellRare 
pellRare term=underline cterm=underline 


lear SpellLocal 


Power of HPC 


Plan now to attend SC08, the premier 
international conference on high 
performance computing, networking, 
storage and analysis. 


Conference: When SC08 opens November 15, 2008 in Austin, Texas, 
7 the conference series will celebrate its 20th anniversary as 


a the premier international conference on high performance 
Nov. 15 21, 2008 computing, networking, storage and analysis. The confer- 
ence features the latest scientific and technical innovations 


Exhibition: from around the world. Bringing together scientists, 
engineers, researchers, educators, programmers, system 
Nov. 17-20, 2008 administrators and managers, SC08 is the forum for 
demonstrating how these developments are driving new 
2 a ideas, new discoveries and new industries. 
Austin Convention Center 
Austin, Texas Plan now to be a part of SC08 and its program of trailblaz- 
ing technical papers, timely tutorials, invited speakers, 
up-to-the-minute research posters, entertaining panels 
and thought-provoking birds-of-a-feather sessions. 
New for 2008 will be two Technology Thrusts: Energy 
and Biomedical Informatics. Additionally, exhibits from 
industry, academia, and government research organiza- 
tions will demonstrate the latest innovations in computing 
and networking technology. SC08 promises to be the most 
exciting and innovative SC conference yet! 
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MUTT ALLOWS YOU TO TAG 
MESSAGES THAT YOU THEN 


CAN ACT ON IN ONE FELL SWOOP. 


Once Vim’s spell-checking is 
enabled, you have these options 
available to you when your cursor 
is over a misspelled word: 


™@ zg to add a word to the word list. 
@ zw to reverse. 


M zug to remove a word from the 
word list. 


H z= to get list of possible spellings. 


Mutt has too many interesting features 
to outline in the scope of one article. 
However, one last feature | want to 
share with you is the bounce command. 
Bounce lets you resend a message to a 
new recipient. The message arrives at 
the new recipient from the original 
sender, not the bouncer. Why is this 
useful? Well, what if a ton of e-mail 
was sent to your work address instead 
of your personal e-mail address? Don’t 
just forward the messages in bulk— 
bounce them. First, tag all the messages 
you want to bounce by pressing T and 
providing a regex search string that 
matches your selection. Use the sender's 
name, for example. Then, act on the 
queue by pressing B. Fill in your personal 
e-mail address, and press Enter to 
execute the bounce. 


Do the keyboard commands seem 
obscure? They may at first, but they 
quickly will become resounding strokes 
of e-mail power chords. The effort will 
pay off. Mutt still is in active develop- 
ment, and you can expect this under- 
dog to be around for a while. 

There are some interesting features 
on the horizon for Mutt version 1.6. 
Brendan Cully, a Mutt developer and 
the SourceForge project administrator, 
provided this list of Mutt 1.6’s features: 


@ Native SMTP support. 


m IMAP/POP header and body caching, 


and maildir/MH header caching. 


@ Significant IMAP performance 
enhancements (pipelined 
commands and IDLE support). 


m@ IMAP server-side search. 
m@ Flowed text support. 
m@ More flexible charset support. 


m@ User-defined variables (starting 
with $my_). 


@ Large file support. 

m Attachment counts in the index. 
@ Spam flagging. 

m S/MIME support. 


Whatever version you use, check 
www.mutt.org for release details. If 
you want more, the muttrc(5) man page 
can walk you through all of the .muttrc 
parameters, and the mutt.org site has 
more examples. If you are feeling lazy, use 
muttrcbuilder.org to build a .muttrc file. 

| hope that you have found some 
value in Mutt and that it improves your 
e-mail experience. If nothing else, Mutt 
can be an additional power tool in your 
sysadmin toolchest.— 


Victor Gregorio lives in San Francisco, California, working 
as a Senior System Administrator and QA Engineer for 
Penguin Computing. He often can be found behind a camera 
or clicking away at a keyboard. 


Resources 


The Mutt E-Mail Client: 
www.mutt.org 


The abook Address Book Program: 
abook.sourceforge.net 


On-line .muttrc Generator: 
www.muttrcbuilder.org 
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1 TERAFLOP IN A COOL, FAST, RELIABLE PLATFORM! 


Whether it’s Wall Street, Main Street or Your Street, Microway’s new 
Nvidia-powered WhisperStation-Pro is energy-efficient, designed for 
superior performance, and best of all - QUIET. 

Originally designed for a group of power hungry, demanding engineers in the automotive industry, WhisperStation-Pro 


incorporates two AMD® Opteron™ or Intel® Xeon® quad-core processors and high-efficiency power supplies. Ultra-quiet 
fans and internal sound-proofing produce a powerful, but silent, computational platform. 


WhisperStation-Pro configured with one Quad core processor, 4 GB high speed memory, 250 GB drive, dual-GigE, 
NVIDIA® Quadro™ FX570 graphics and 20" LCD — starts at $1995. 


You can have it configured to your exact needs with NVIDIA GeForce® or Quadro graphics adapters 
(including SLI®), NVIDIA Tesla™ GPU, any Linux distribution, or Windows® dual-boot. Also, there 
is plenty of room for RAID storage expansion. From a home based workstation for financial 

wizards, to a superior gaming or design station, WhisperStation-Pro fits the bill and your budget. 


Visit www.microway.com for more technical information. 


Hear Yourself Think Again! 
Call our technical sales team at 508-746-7341 and 
customize your WhisperStation-Pro today. 


Technology you can count on ) 


NGIMX 


the High-Performance Web Server 
and Reverse Proxy 


Having performance issues with your Web server? 
Maybe the Russians can help. 


WILL REESE 


pache is the most popular Web server and one of the 

most successful open-source projects of all time. Since 

April 1996, Apache has served more Web sites than 

any other Web server. Many of the world’s largest Web 
sites, including YouTube, Facebook, Wikipedia and Craigslist, 
use Apache to serve billions of page views per month. Over 
the years, Apache has proven itself to be a very stable, secure 
and configurable Web server. Although Apache is an excellent 
Web server, what if there were an alternative with the same 
functionality, a simpler configuration and better performance? 
That Web server exists, and it’s called Nginx. 
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Nginx, pronounced “Engine X", is a high-performance 
Web server and reverse proxy. It was created by Igor Sysoev 
for www.rambler.ru, Russia‘s second-largest Web site. 
Rambler has used Nginx since summer 2004, and it’s currently 
serving about 500 million requests per day. Like Apache, Nginx 
is used by some of the largest Web sites in the US, including 
WordPress (#26), YouPorn (#27), Hulu and MochiMedia. As of 
May 2008, Nginx is the fourth-most-popular Web server, and 
it is currently serving more than two million Web sites. As it is 
only trailing behind Apache, IIS and GFE, it is effectively the 
second-most-popular Web server available for Linux. 


Like Apache, Nginx has all the features you would expect 
from a leading Web server: 


@ Static file serving. 
m@ SSL/TLS support. 
@ Virtual hosts. 

m@ Reverse proxying. 
@ Load balancing. 
@ Compression. 

m@ Access controls. 
@ URL rewriting. 

@ Custom logging. 
m@ Server-side includes. 
m WebDAV. 

@ FLV streaming. 

@ FastCGI. 


It is stable, secure and very easy to configure, as you will 
see later in the article. However, the main advantages of Nginx 
over Apache are performance and efficiency. 

| ran a simple test against Nginx v0.5.22 and Apache 
v2.2.8 using ab (Apache’s benchmarking tool). During the 
tests, | monitored the system with vmstat and top. The results 
indicate that Nginx outperforms Apache when serving static 
content. Both servers performed best with a concurrency of 
100. Apache used four worker processes (threaded mode), 
30% CPU and 17MB of memory to serve 6,500 requests 
per second. Nginx used one worker, 15% CPU and 1MB of 
memory to serve 11,500 requests per second. 

Nginx is able to serve more requests per second with less 
resources because of its architecture. It consists of a master 
process, which delegates work to one or more worker process- 
es. Each worker handles multiple requests in an event-driven 
or asynchronous manner using special functionality from the 
Linux kernel (epoll/select/poll). This allows Nginx to handle a 
large number of concurrent requests quickly with very little 
overhead. Apache can be configured to use either a process 
per request (pre-fork) or a thread for each request (worker). 
Although Apache's threaded mode performs much better than 
its pre-fork mode, it still uses more memory and CPU than 
Nginx’s event-driven architecture. 


Nginx is available in most Linux distributions. For this article, | 
use Ubuntu 8.04 (Hardy), which includes Nginx version 0.5.33. 


If your distro does not have Nginx, or if you want to run 
a newer version, you always can download the latest 
stable version (v0.6.31 at the time of this writing) and 
install from source. 

Run the following command as root to install Nginx: 


# apt-get install nginx 


Now that Nginx is installed, you can use the startup script 
to start, stop or restart the Web server: 


# /etc/init.d/nginx start 
# /etc/init.d/nginx stop 
# /etc/init.d/nginx restart 


Most configuration changes do not require a restart, in 
which case you can use the reload commana. It is generally 
a good idea to test the Nginx configuration file for errors 
before reloading: 


# nginx -t 
# /etc/init.d/nginx reload 


BioNet Research Group 


First to the Moon, then on to Mars. 


The BioNet Research Group at the 
University of Colorado at Boulder 
provides software development, 
testing and system integration for 
NASA and the aerospace industry. 


Our vision is to provide the 
communication and software 
technologies to return man to the 
Moon and then on to Mars. 


We have three positions for which 
we anticipate hiring highly qualified 
applicants: 


Software Developer #804681 
Software Test Engineer...#804683 
Systems Engineer #804682 


http://www.jobsatcu.com 
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Let's go ahead and start the server: 
# /etc/init.d/nginx start 


Nginx now should be running on your machine. If you 
open http://127.0.0.1/ in your browser, you should see a page 
with “Welcome to nginx!”. 


Main Configuration File 

Now that Nginx is installed, let’s take a look at its config file, 
located at /etc/nginx/nginx.conf. This file contains the server- 
wide settings for Nginx, and it should look similar to this: 


user www-data; 
worker_processes 1; 
error_log /var/log/nginx/error.log; 
pid /var/run/nginx.pid; 
events { 
worker_connections 1024; 
} 
http { 
include /etc/nginx/mime.types; 
default_type application/octet-stream; 
access_log /var/log/nginx/access.log; 
sendfile on; 
keepalive_timeout 65; 
tcp_nodelay on; 
gzip on; 
include /etc/nginx/sites-enabled/*; 


We are not going to change any of these settings, but 
let's talk about some of them to help us understand how 
Nginx works. The worker_processes setting tells Nginx how 
many child processes to start. If your server has more than one 
processor or is performing large amounts of disk 1O, you might 
want to try increasing this number to see if you get better 
performance. The worker_connections setting limits the number 
of concurrent connections per worker process. To determine 
the maximum number of concurrent requests, you simply 
multiply worker_processes by worker_connections. 

The error_log and access_log settings indicate the default 
logging locations. You also can configure these settings on a 
per-site basis, as you will see later in the article. Like Apache, 
Nginx is configured to run as the www-data user, but you 
easily can change this with the user setting. The startup 
script for Nginx needs to know the process ID for the master 
process, which is stored in /var/run/nginx.pid, as indicated 
by the pid setting. 

The sendfile setting allows Nginx to use a special Linux 
system call to send a file over the network in a very efficient 
manner. The gzip option instructs Nginx to compress each 
response, which uses more CPU but saves bandwidth and 
decreases response time. Additionally, Nginx provides another 
compression module called gzip precompression (available as 
of version 0.6.24). This module looks for a compressed copy of 
the file with a .gz extension in the same location and serves it 
to gzip-enabled clients. This prevents having to compress the 
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file each time it's requested. 

The last setting we are concerned with is the include 
directive for the sites-enabled directory. Inside /etc/nginx, 
you'll see two other directories, /etc/nginx/sites-available and 
/etc/nginx/sites-enabled. For each Web site you want to host with 
Nginx, you should create a config file in /etc/nginx/sites-available, 
then create a symlink in /etc/nginx/sites-enabled that points to 
the config file you created. The main Nginx config file includes 
all the files in /etc/nginx/sites-enabled. This helps organize 
your configuration files and makes it very easy to enable and 
disable specific Web sites. 


Static Web Server 

Now that we covered the main configuration file, let's create a 
config file for a basic Web site. Before we begin, we need to 
disable the default site that Ubuntu created for us: 


# rm -f /etc/nginx/sites-enabled/default 


Now, create a new configuration file called 
/etc/nginx/sites-available/basic with the following contents: 


server { 
listen: 127'.0..0.1::607 
server_name basic; 
access log /var/log/nginx/basic.access.log; 
error_log /var/log/nginx/basic.error. log; 
location / { 
root /var/www/basic; 


index index.html index.htm; 


Create the root directory and index.html file: 
# mkdir /var/www/basic 


cd /var/www/basic 
# echo "Basic Web Site" > index.html 


fe 


Enable the site and restart Nginx: 


# cd /etc/nginx/sites-enabled 
# In -s_ ../sites-available/basic . 
# /etc/init.d/nginx restart 


If you open http://127.0.0.1/ in your browser, you should 
see a page with “Basic Web Site”. As you can see, it is very 
easy to create a new site using Nginx. 

Let's go over the new configuration file we created. The 
server directive is used to define a new virtual server, and all of 
its settings are enclosed in braces. The listen directive indicates 
the IP and port on which this server will accept requests, and 
server_name sets the hostname for your virtual server. As | 
mentioned earlier, the access_log and error_log settings can be 
set on a per-site basis. It is usually a good idea to provide each 
site with its own set of log files. 

Next is the location directive, which allows you to modify 
the settings for different parts of your site. In our case, we 


have only one location for the entire site. However, you can server { 


have multiple location directives, and you can use regular listen 127.0.0.1:443; 

expressions to define them. We have two other directives server_name secure; 

inside our location block: root and index. The root directive access log /var/log/nginx/secure.access. log; 
is used to define the document root for this location. This error_log /var/log/nginx/secure.error.log; 
means a request for /img/test.gif would look for the file ssl on; 

Nar/wwwilocalhost/img/test.gif. Finally, the index directive tells ssl_certificate /etc/nginx/ssl/server.crt; 
Nginx what files to use as the default file for this location. ssl_certificate_ key /etc/nginx/ssl/server.key; 


location / { 
root /var/www/secure; 


Some Web sites, such as on-line stores, require secure com- index index.html index.htm; 
munication (HTTPS) to protect credit-card transactions and } 
customer information. Like Apache, Nginx supports HTTPS } 
via an SSL module, and it’s very easy to set up. 

First, you need to generate an SSL certificate. The openss| Create the root directory and index.html file: 
command will ask you a bunch of questions, but you simply 
can press Enter for each one: # mkdir /var/www/secure 

# cd /var/www/secure 

# apt-get install openssl # echo "Secure Web Site" > index.html 


# mkdir /etc/nginx/ssl 
# cd /etc/nginx/ssl Enable the site and restart Nginx: 
# openssl req -new -x509 -nodes -out server.crt -keyout server.key 
# cd /etc/nginx/sites-enabled 
Create a new config file called /etc/nginx/sites-available/secure, # In -s ../sites-available/secure . 
which contains the following: # /etc/init.d/nginx restart 
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If you open https://127.0.0.1/ in your browser (note the 
https), you probably will get a warning about not being able 
to verify the certificate. That’s because we are using a self- 
signed certificate for this example. Go ahead and tell your 
browser to accept the certificate, and you should see a page 
with “Secure Web Site”. 

This config file is very similar to our previous config, but 
there are a few differences. First, notice that this new server 
is listening on port 443, which is the standard port for 
HTTPS. Second, we enabled the SSL module with the line 
ssl on;. If you compiled Nginx yourself instead of using 


IN ADDITION TO BEING AN 
EXTREMELY FAST STATIC WEB 
SERVER, NGINX ALSO IS A LOAD 
BALANCER AND REVERSE PROXY. 


the Ubuntu package, you need to make sure you specified 
--with-http_ssl_module when you ran ./configure; 
otherwise, the SSL module will not be available. Third, we 
used the ssl_certificate and ssl_certificate_key directives to 
point to the certificate and key we created earlier. 


Virtual Hosting 

In many cases, you will want to run multiple Web sites from a 
single server. This is called virtual hosting, and Nginx supports 
both IP- and name-based vhosts. 

Let's create two virtual hosts: one.example.com and 
two.example.com. First, we need to add a line to our /etc/hosts 
file, so that one.example.com and two.example.com point to 
our server (normally you would do this using DNS): 


# echo "127.0.0.1 one.example.com two.example.com" >> /etc/hosts 


Now, we need to create a configuration file for each site. 
First, create a file called /etc/nginx/sites-available/one with the 
following contents: 


server { 
listen 127.8. 1:80; 
one.example.com; 


/var/log/nginx/one.access. log; 


server_name 
access_log 
error_log /var/log/nginx/one.error.log; 
location / { 

root /var/www/one; 

index index.html index.htm; 


Then, make a copy of that file called /etc/nginx/sites-available/ 
two, and replace each occurrence of “one” with “two”: 


# cd /etc/nginx/sites-available 
# cp one two 


# sed -i "s/one/two/" two 


Create the root directories and index.html files: 
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# mkdir /var/www/ {one, two} 
# echo "Site 1" > /var/www/one/ index.html 
# echo "Site 2" > /var/www/two/ index.html 


Enable the sites and restart Nginx: 


cd /etc/nginx/sites-enabled 

In -s_ ../sites-available/one . 
In -s_ ../sites-available/two . 
/etc/init.d/nginx restart 


FO OHH 


If you open http://one.example.com/ in your browser, you 
should see a page with “Site 1”. For http://two.example.com/, 
you should see “Site 2”. 

We just created two name-based virtual hosts running on 
127.0.0.1 by changing the server_name directive. For IP-based 
virtual hosts, simply change the listen directive to use a 
different IP for each site. 

Now, go ahead and disable these two virtual hosts: 


# rm -f /etc/nginx/sites-enabled/one 
# rm -f /etc/nginx/sites-enabled/two 
# /etc/init.d/nginx restart 


Don't forget to remove the line we added to /etc/hosts 
when you are done. 


Reverse Proxy and Load Balancer 

In addition to being an extremely fast static Web server, Nginx 
also is a load balancer and reverse proxy. A load balancer is a 
device used to spread work out across multiple servers or pro- 
cesses, and a reverse proxy is a server that transparently hands 
off requests to another server. Among other things, this 
allows Nginx to handle requests for static content and to 
load-balance requests for dynamic content across many 
different back-end servers or processes. 

For this example, let's create a very simple Python Web 
server to serve up some dynamic content. Don’t worry if you 
are not familiar with Python; we're just using it to display a 
Web page that indicates on which port the server is running. 
Save the following to a file called /tmp/server.py: 


import sys,BaseHTTPServer as B 
class Handler(B.BaseHTTPRequestHandler) : 
def ido _GET(self):: 
self.wfile.write("Served from port %s" % port) 
def log _message(self, *args): 
pass 
a? name == main 
host,port = sys.argv[1:3] 
server = B.HTTPServer((host,int(port)), Handler) 
server.serve_forever() 


Now we can start two of these local servers, each on a 
different port: 


# python /tmp/server.py 127.0.0.1 8001 & 
# python /tmp/server.py 127.0.0.1 8002 & 


If you open http://127.0.0.1:8001/ in your browser, 


you should see “Served from port 8001”, and if you 
open http://127.0.0.1:8002/, you should see “Served from 
port 8002”. 

Now, create a new configuration file called /etc/nginx/ 
sites-available/proxy with the following contents: 


upstream python_servers { 
server 127.0.0.1:8001; 
server 127.0.0.1:8002; 

} 

server { 
listen 127.0.0.1:8000; 

server_name proxy; 

access_log /var/log/nginx/proxy.access. log; 

error_log /var/log/nginx/proxy.error.log; 

location / { 
proxy_pass http://python_servers; 


} 


Enable the site and restart Nginx: 


# cd /etc/nginx/sites-enabled 
In -s 


a4 


../sites-available/proxy . 
# /etc/init.d/nginx restart 


If you open http://127.0.0.1:8000/ in your browser, you 
should see a page with either “Served from port 8001” or 
“Served from port 8002”, and it should alternate each time 
you refresh the page. 

Let's go over some of these new settings. The upstream 
block defines a name for a group of back-end servers. In our 
case, we defined a group named python_servers, which 
contains the two local Python servers we started on port 
8001 and 8002. We then configured Nginx to hand off all 
requests to our back-end servers with the line proxy_pass 
http://python_servers;. Nginx automatically load-balances 
the requests to each Python server in a round-robin manner. 
You also can set weights for each back end, so you can direct 
more or fewer requests to specific servers. 

Nginx handles back-end failures automatically and will 
stop sending requests to a failed back-end server until it 
starts responding again. To demonstrate this, we can kill off 
the Python process that's running on port 8001. Use the 
jobs command to find the job number for the Python pro- 
cess running on port 8001, and use kill %<job number> 


to kill the process: 


# jobs 
# kill %1 


Open http://127.0.0.1:8000/ in your browser and keep 
refreshing the page, you should see only the “Served from 
port 8002” page. Nginx detected that the back-end server 
from port 8001 was not responding, so it stopped sending 
requests to that server. Now, restart the Python process for 
port 8001: 


# python /tmp/server.py 127.0.0.1 8001 & 


Keep refreshing the page and you should see your browser 
start alternating between “Served from port 8001” and “Served 
from port 8002” again. Nginx detected that the port 8001 
back end was responding and began sending requests to it. 


Conclusion 

Whether you are looking to get the most out of your VPS or 
are attempting to scale one of the largest Web sites in the 
world, Nginx may be the best tool for the job. It's fast, stable 
and easy to use. Thanks to Igor Sysoev for creating this 
excellent piece of software.m 


Will Reese has worked with Linux for the past ten years, primarily scaling Web applications running 
on Apache, Python and PostgreSQL. He enjoys beating Cory Wright at foosball and Wii Tennis. 


Resources 


Nginx Web Site: wiki.codemongers.com/Main 


Module Comparison Index: wiki.codemongers.com/ 
NginxModuleComparisonMatrix 


Testimonials: wiki.codemongers.com/NginxWhyUselt 


Nginx at WordPress: barry.wordpress.com/2008/04/28/ 
load-balancer-update 


Facebook App Using Nginx: highscalability.com/ 
friends-sale-architecture-300-million-page-view- 
month-facebook-ror-app 


15-6, el A Quick but Not Dirty Way to Create man Pages 


txt2man converts flat ASCII text into the man page format. 
This allows you to author man pages without knowledge of 
nroff macros. It's a shell script that uses GNU awk, and it 
should run on any UNIX-like system. The script is available 
at mvertes.free.fr/txt2man/txt2man. 

txt2man can generate its own man page for viewing on 
the screen via: 


# txt2man -h 2>&1 | txt2man -T 


The text source for the man page for txt2man is contained 
in the script itself; therefore, the source of the script shows 
you all you need to know to use txt2man. 

—JAGADISH KAVUTURU 
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qjDbdns 


More Than Just a Mouthful 
of Consonants 


Recently released into the public domain, 
djbdnsis afast and secure replacement for BIND. 


Cory Wright 


et's face it, DNS is not the most sexy component of the 

Internet's infrastructure. It is an old technology and 

doesn't get the same attention as newer, more flashy 

tools and software. Your Web site visitors may comment 

on how cool your new AJAX widget is, but | guarantee 
they will never tell the world how pleased they are with your 
DNS response time. 

Nevertheless, DNS is crucial to the Internet. It is one of those 
services that always should “just work”, and it’s only when 
it doesn’t work that people notice (and complain, loudly). 
Readers may remember the great “Google vanishing act” in 
May 2005, when the search engine giant briefly disappeared 
from the Internet. Many quickly assumed the site had been 
hacked, but the problem turned out to be a DNS configura- 
tion issue. The mishap was fixed quickly, but it highlighted 
how even the mightiest of the mighty can be crippled easily 
by a simple misconfiguration. 

My primary goal for this article is to demonstrate that 
there is a free, secure and easy-to-configure alternative to 
BIND: djbdns. This article is intended for people who may 
have some experience with DNS, but who would like to 
consider new approaches. | assume only a basic understanding 
of DNS—specifically, familiarity with the basic record types, 
such as A, CNAME, MX, NS and SOA, as well as the concept 
of a TTL (time to live). 
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A Brief History of BIND and djbdns 


For the first 15 years of the Internet as we know it, there was 
only one real choice when it came to DNS server software: 
BIND. BIND began life as a project by several graduate 
students at the University of California, Berkeley (thus the 
acronym, the Berkeley Internet Name Domain). In the early 
1990s, the Internet Systems Consortium (ISC) was created to 
maintain, distribute and support this critical software formally. 
The ISC released BIND 8 in May 1997 as a major update to the 
aging BIND 4. Although there were major configuration differ- 
ences, both BIND 4 and 8 were based on the original Berkeley 
code from the early and mid-1980s. While trying to raise 
funding for a major rewrite, one of BIND’s authors described 
this code as “sleazeware produced in a drunken fury”. A new 
team worked on the rewrite for several years, and BIND 9 was 
released formally in September 2000. 

After years of dealing with security problems in BIND and 
frustration with its configuration syntax, Dan J. Bernstein began 
work on djbdns in 1999. Bernstein (or DJB as he is commonly 
known) already had made a name for 
himself as the author of qmail, the mail 
server software that was quickly gaining 
popularity among system administrators. 
At the time, Sendmail was the dominant 
mail server on the Internet, and, like 
BIND, it was notoriously difficult to con- 
figure and had a history of security prob- 
lems. Bernstein’s “thinking outside the 
box” design decisions about security and 
configuration simplicity not only cata- 
pulted qmail to success, but it also 
affected the way developers thought 
about writing software for the increasingly volatile Internet 
(Postfix, Courier and others were inspired by qmail’s security 
partitioning design). Now that Bernstein had secured and 
simplified mail, it was time to do the same for DNS. The first 
alpha of djodns was released in December 1999, and the current 
version, djbdns 1.05, eventually was released on February 11, 
2001. That's right, the current version is more than seven years 
old. Remember, DNS is an old protocol, and it doesn’t change 
very often. BIND software updates almost always are for 
bugfixes or security patches. 

In the past, Bernstein's software was controversial because 
it lacked an explicit license. OS vendors were reluctant to 
distribute his packages because of the uncertainty around 
its licensing. However, in December 2007, Bernstein placed 
djbdns (as well as daemontools and qmail) into the public 
domain, allowing people to use or distribute it as they see fit. 


Why djbdns? 

BIND has been around since the earliest days of the Internet. 
It’s still the most popular DNS server out there, so why should 
you consider switching to djbdns? For one, djbdns does not 
have BIND’s history of problems. BIND’s security record is on 
par with Sendmail’s (not something to be proud of), and 
configuring it beyond the basics can be downright painful. 

To complicate things further, BIND blurs the distinction 
between the different functions of DNS. There are two primary 
types of DNS services: DNS caches (also called recursive DNS 
servers) and DNS servers (also called authoritative servers or 


tinydns, the authoritative 
DNS server in djbdns, 
takes an entirely different 
approach and makes It 
much more difficult to get 
yourself in trouble. 


name servers). 

A DNS cache is what your desktop computer talks to when 
it needs to find the address for a Web site you are trying to 
reach. When a cache receives your request for the location of 
www.google.com, it first checks to see whether it already 
knows the answer to your question. If it does, it quickly tells 
you. If it does not know the answer already, it begins by first 
asking the root servers for the answer. The root servers 
respond with something similar to “| don’t know the answer 
but the .com servers might; here are their addresses, go ask 
them.” The caching server continues doing this until it has 
the IP for www.google.com, and then it returns the answer 
to your computer. The IP addresses you see in /etc/resolv.conf 
are for DNS caches. Caches talk to authoritative servers to 
get answers. 

An authoritative server has a much more straightforward 
responsibility. Its job is simply to publish information from 
domains for which it is “authoritative”. An authoritative server 
will give answers only to questions about domains for which it 
has been explicitly configured. For exam- 
ple, ns1.google.com (one of Google's 
authoritative DNS servers) never will 
answer a request for the address of 
www.microsoft.com (unless Microsoft 
and Google merge some day). 

Although these are completely differ- 
ent services, BIND uses the same server 
for both. This may seem handy, but it 
complicates the configuration and 
quickly can become a security headache. 

On the other hand, djbdns adheres 
to the UNIX philosophy of “do one 
thing, and do it well”. The server components of djbdns are 
separated, with dnscache as the caching component and 
tinydns as the authoritative server (I detail the advantages of 
each shortly). 

This separation allows each program to run individually 
chrooted as its own unprivileged user. If an attacker is able to 
crash your DNS cache, it will not impact your authoritative 
DNS service. A side effect of this is that dnscache and tinydns 
need separate IP addresses, so that each may bind to port 53. 
You can’t run both on the same IP address. 


Installing djbdns 
The latest version of djbdns compiles on all the major Linux 
distributions. You also need to install daemontools (see side- 
bar), another package by Dan Bernstein. 

Download djbdns from Bernstein's Web site, and run the 
following commands. The third line is a workaround for a glibc 
bug on Linux: 


tar xzf djbdns-1.05.tar.gz 

cd djbdns-1.05 

echo gcc -02 -include /usr/include/errno.h > conf-cc 
make 


+ HH HH 


make setup check 


See Bernstein's official documentation if you have further 
questions about installing djbdns. 


www.linuxjournal.com september 2008 | 69 


FEATURE djbdns 


daemontools 


daemontools is a collection of tools for managing UNIX 
services. Like most of Dan Bernstein's software, djbdns 
relies on daemontools. 


daemontools services are created in directories, and they 
must contain an executable script named run. To start a 
service, you simply create a symbolic link from that directo- 
ry into /service. Within five seconds, the svscan process will 
notice the new service, start it and begin monitoring it. 


Logging is handled by the multilog program from the 
daemontools package. Anything written to standard out- 
put by the program is recorded in the processes log file, 
named current. Typically, the logs are stored within the 
service directory. For example, dnscache’s logs would be 
in /service/dnscache/log/main/current. multilog automati- 
cally rotates the current file once it reaches a certain size. 


These days, | prefer the Ubuntu server distribution, which 
recently introduced the upstart replacement for init. I’ve 
written a patch for daemontools to make it compatible with 
upstart. See dnsfool.com/tips for the patch. daemontools 
is available from cr.yp.to/daemontools.html. 


Using dnscache, a DNS Cache 

One of the easiest ways to begin using djbdns is to configure a 
DNS cache on your local network. There are many reasons 
why you may want to do this—from faster DNS lookup times 
to avoiding those pesky mistyped domain search result pages. 
In either case, installing dnscache can help. 

Let's assume you have a home network with several 
computers on 192.168.10.0/24. Additionally, a Linux machine 
(named linux1) is running on 192.168.10.10. You want to 
install dnscache on linux1, so it can provide DNS resolution 
service for the other machines on the network. 

Fortunately, installing dnscache is trivial, thanks to the 
dnscache-conf utility provided with djbdns. Before running 
dnscache-conf, you need to create one new group and two 
accounts on linux1. These will be used exclusively by djbdns 
and should not be available for login: 


# groupadd djbdns 
# useradd -s /bin/false -d /etc/dnscache -g djbdns dnscache 
# useradd -s /bin/false -d /dev/null -g djbdns dnslog 

The next step is to run dnscache-conf and provide it with 
four parameters: the account for the dnscache process, the 
account for the logging process, the dnscache service directory 
and the IP on which dnscache should listen: 


# dnscache-conf dnscache dnslog /etc/dnscache 192.168.10.10 


The /etc/dnscache directory now should exist. Before you 
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can begin using your new cache, you need to allow access 
to it from your local network. dnscache checks to see if a 
machine is allowed to access it by comparing the IP of the 
incoming request address against files in /etc/dnscache/root/ip/. 
You can grant access to your whole network simply by 
touching a single file: 


# touch /etc/dnscache/root/ip/192.168.10 


At this point, you are ready to start the cache. If you 
are running BIND, you need to stop and disable it so that 
dnscache can take ownership of port 53. Assuming daemontools 
is installed and running, you now can start dnscache: 


# In -s /etc/dnscache /service/ 


That's it. You now have a DNS cache running on your local 
network. Your next step is to update the /etc/resolv.conf file on 
all your machines to point to 192.168.10.10: 


nameserver 192.168.10.10 


If your network is very busy, you may find you need to 
increase the amount of memory that is allocated to your 
cache. Dan Bernstein provides instructions on his Web site for 
adjusting the cache size, but you also may want to take a 
look at Paul Jarc’s cache-effect.pl Perl script or Mike Babcock’s 
dnscacheproc.py Python script. 


Using tinydns, an Authoritative DNS Server 
If you have ever run BIND as an authoritative DNS server, it is likely 
that at some point you neglected to increment the serial on 
an SOA record, overlooked a missing semicolon somewhere 
or simply forgot to append a period (.) at the end of a record. 
These are just a few of the common mistakes people make when 
dealing with BIND’s zone files. If you have been bitten by any of 
these issues, you probably remember the trouble it created for 
you. These errors can cause big headaches (just ask Google). 
tinydns, the authoritative DNS server in djbdns, takes an 
entirely different approach and makes it much more difficult to 
get yourself in trouble. One major difference is that instead of 
separate zone files for each domain, tinydns uses a single text 
file named data to store every record of every domain. This 
data file is then compiled into a very fast database in cdb 
format. Of course, if you prefer managing domains in separate 
files, you still can, just concatenate them together before 
compiling the database. 

Let's get started by configuring our tinydns instance. 
You should have daemontools already installed and running. 
Again, let's assume we are running a home network on 
192.168.10.0/24, and we now want to access each host by 
name using DNS. We have another Linux machine (named 
linux2) running on 192.168.10.20 that will publish DNS 
information with tinydns. 

First, create the tinydns user: 


# useradd -s /bin/false -d /etc/tinydns -g djbdns tinydns 


Like dnscache, there is a utility for creating and configuring 
instances of tinydns. It also takes four parameters: the account 


for the tinydns process, the account for the logging process, 
the tinydns service directory and the IP on which tinydns 
should listen: 


# tinydns-conf tinydns dnslog /etc/tinydns 192.168.10.20 
This creates the /etc/tinydns directory and populates it with 


everything needed to begin publishing your DNS data. The last 
step is to create a symbolic link for the tinydns service into 


the first line creates an A record for linux1.example.com 
with an address of 192.168.10.10 and a PTR record (a 
reverse record) for 10.10.168.192.in-addr.arpa pointing to 
linux1.example.com. If you manage both the forward and 
reverse zones for your network, you probably already can see 
what a huge time-saver this can be. 

Finally, we define simple aliases for our hosts. Each host has 
an alias that we prefer to use instead of the generic linux{1,2,3} 
names. To create alias A records, we use + lines, which are 


/service. Again, be sure to stop and disable any BIND 
instances first: 


# In -s /etc/tinydns/ /service/ 


Now you can begin adding records for each host 
on your network. 


Adding DNS Records 

Before we begin, let’s see how our DNS data would 
look in the traditional BIND zone file format (versions 
8.2 and greater). Listing 1 shows everything needed to 
configure forward records for example.com and reverse 
records for 192.168.10.0/24. This includes the configu- 
ration for named.conf, as well as the zone data for 
example.com and 10.168.192.in-addr.arpa. This clocks 
in at 38 lines of configuration for our two domains. 

As | mentioned, tinydns takes a different approach. 
Instead of defining records separately for forward and 
reverse zones, tinydns allows you to combine them 
into single records. Listing 2 contains the exact same 
configuration from Listing 1, except in tinydns format. 
Instead of 38 lines of configuration, we now have only 
ten lines. Let's go over what these lines do. 

The first character of each line is used to specify 
the type of record or records that should be created. 
A period (.) line tells tinydns that it is authoritative 
for example.com: 


.example.com::Llinux2.example.com 


This creates an SOA (start of authority) record and 
sets linux2.example.com as an NS record. If an IP address 
was provided between the two colons, an A record also 
would have been created for linux2.example.com with 
that IP address. This one @ line replaces eight from the 
BIND zone file: 


@example.com:192.168.10.15:mail.example.com:0 


This line creates two records. An A record is 
created for mail.example.com with an address of 
192.168.10.15, and an MX record is created for 
example.com pointing to mail.example.com with a 
distance of 0. Now, let’s start defining our hosts: 


=Linuxl.example.com:192.168.10.10 
=Linux2.example.com:192.168.10.20 
=Linux3.example.com:192.168.10.30 


These lines each create two records. For example, 


Listing 1. BIND Configuration for example.com 


;-- BIND named.conf excerpt 
zone "example.com" in { 
type master; 


file "db.example.com"; 


zone "10.168.192.in-addr.arpa" in { 
type master; 
file "db.10.168.192.in-addr.arpa"; 


;-- BIND zone file: db.example.com 


$TTL 86400 
example.com. IN SOA linux2.example.com. hostmaster.example.com. ( 
2008090101 ; serial number 
3h ; refresh 
15m ; update retry 
3w > expire 
3h ; negative cache ttl 
) 
IN NS linux2.example.com. 
IN MX 0 mail.example.com. 
mail IN A 192.168.10.10 
Linux1 IN A 192.168.10.10 
Linux2 IN A 192.168.10.20 
Linux3 IN A 192.168.10.30 
flying IN A 192.168.10.10 
spaghetti IN A 192.168.10.20 
monster IN A 192.168.10.30 


noodly-appendage IN CNAME lLinuxl.example.com. 


;-- BIND zone file: db.10.168.192.in-addr.arpa 


$TTL 86400 
10.168.192.in-addr.arpa. IN SOA linux2.example.com. hostmaster.example.com. ( 
2008090101 ; serial number 
3h ; refresh 
15m ; update retry 
3w > expire 
3h ; negative cache ttl 
) 
IN NS = Linux2.example.com. 
10 IN PTR linux1.example.com. 
20 IN PTR Linux2.example.com. 
30 IN PTR linux3.example.com. 
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Listing 2. tinydns Configuration for example.com 


# /service/tinydns/root/data 
.example.com::Linux2.example.com 
.10.168.192.in-addr.arpa::linux2.example.com 
@example.com:192.168.10.10:mail.example.com:0 
=Linuxl.example.com:192.168.10.10 
=Linux2.example.com:192.168.10.20 
=Linux3.example.com:192.168.10.30 
+flying.example.com:192.168.10.10 
t+spaghetti.example.com:192.168.10.20 
+monster.example.com:192.168.10.30 
Cnoodly-appendage.example.com: Linuxl.example.com 


exactly like = lines, except PTR records are not created: 
+flying.example.com:192.168.10.10 # alias for linuxl 
+spaghetti.example.com:192.168.10.30 
+monster.example.com:192.168.10.30 


# alias for linux2 
# alias for linux3 


Although it's discouraged, you also could define an alias 
with a CNAME using a C line: 


Cnoodly-appendage.example.com: Linuxl.example.com 


All these records go in a single file, which in our case is 
/service/tinydns/root/data. Save the file, and from that directory 
run make. This compiles the text file into data.cdb, a constant 
database. If a data.cdb already exists, tinydns will continue 
serving from it until the new one is ready, at which point it is 
moved into place, and tinydns instantly begins using it. The 
Makefile simply calls the tinydns-data command: 


data.cdb: data 
/usr/local/bin/tinydns-data 


You can test that your new records are in the database by 
using the tinydns-get utility. tinydns-get accesses the data.cdb 
file directly, so you don’t need to worry about your test queries 
being cached anywhere. For example, you can use tinydns-get 
to see that your MX record is configured properly. First, make 
sure you are in the /service/tinydns/root directory and that you 
have run make so that the database is up to date: 


# tinydns-get mx example.com 

15 example.com: 

103 bytes, 1+1+1+2 records, response, authoritative, noerror 
query: 15 example.com 

answer: example.com 86400 MX 0 mail.example.com 

authority: example.com 259200 NS linux2.example.com 
additional: mail.example.com 86400 A 192.168.10.15 
additional: lLinux2.example.com 86400 A 192.168.10.20 


This shows that linux2.example.com is defined as the authori- 
tative name server for example.com, that mail.example.com 
is the MX record for the domain, and that its IP address 
is 192.168.10.15. 
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Convenience Features 
There are many other convenience features that tinydns offers. 
For example, with tinydns, you do not need to remember to 
increment the serial on the SOA record each time you change 
something in a zone file. tinydns automatically generates seri- 
als from the last-modified timestamp on the data file, which 
ensures that they are incremented whenever the file changes. 
If you ever have had to migrate DNS for an active domain, 
you will appreciate per-record timestamps. You can specify an 
exact time in the future for a record to change, without 
worrying about how it is cached around the Internet. tinydns 
dynamically calculates the TTL as it responds to queries. For 
example, if you want to migrate samba.example.com from 
192.168.10.25 to 192.168.10.35 at 2 AM on October 15, 
2008, you can add the following two records: 


=samba.example.com:192.168.10.25:0:4000000048f594fa 
=samba.example.com:192.168.10.35: :4000000048f594fa 


The last field on these records is a TAI64 timestamp 
representing 2008-10-15 02:00:00. (See Resources for tips 
on generating TAI64 timestamps.) 

A cache that requests the A record for samba.example.com 
at 1:50:00 AM on October 15, 2008, will receive a response 
of 192.168.10.25 with a TTL of 600 seconds (ten minutes). 

A cache that requests the same record at 1:59:45 AM will 
receive the same response, except with a TTL of 15 seconds. 
After 2:00 AM, tinydns will begin responding automatically 
with the new IP, 192.168.10.35. Because all prior responses 
were set to expire at exactly 2:00 AM, all caches will check 
back immediately for the new address. 

It's the little things like this that make djbdns such a 
wonderful piece of software. 


DNS Replication 
BIND servers use zone transfers to replicate DNS data between 
servers. This process is rather complicated, has a history of 
problems and is not exactly easy to configure. Instead, 
Bernstein recommends using existing data transfer tools, such 
as rsync or scp, that are known to be fast, efficient and secure. 
Let's add linux3.example.com as second DNS server for the 
example.com domain. Install djodns on linux3 and configure 
tinydns as above (using the appropriate IP address). Update 
your data file on linux2 with the new record (anywhere in 
the file is fine): 


.example.com: :Linux3.example.com 


Next, update /service/tinydns/root/Makefile on linux2 with 
the new make target. Replace everything in the Makefile with 
the following: 


remote: data.cdb 
rsync -az -e ssh data.cdb \ 
192.168.10.30:/service/tinydns/root/data.cdb 
data.cdb: data 
/usr/local/bin/tinydns-data 


Be sure to use tabs instead of spaces at the beginning of 
the command lines in your Makefile. Now, when you run 
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make it will compile data.cdb and immediately rsync it to 
linux3. We are using the IP for linux3 in the rsync command, 
because DNS should not rely on itself (it would fail if your DNS 
was broken). Also, you may want to create a special account 
for this purpose and configure passwordless ssh access using 
keys. Dan Bernstein provides more thorough instructions on 
his Web site for configuring DNS replication. 


DNS without the Pain 


As | hope you have seen, DNS does not have to be a headache. 
Although BIND is ubiquitous on Linux, djbdns is more secure, 
more efficient and simply easier to use. And, now that it has 
been released into the public domain, there are no longer any 
philosophical reasons for rejecting it. We've only briefly covered 
what djodns has to offer, so | hope you will read the on-line 
documentation, download it and experiment with it yourself. If 
you ever have found yourself babysitting a BIND instance, you 
may want to consider giving djbdns a chance.m™ 


Cory Wright has an unhealthy obsession with DNS. Once the Lead DNS Systems Engineer for 
Rackspace, he is now a developer and sysadmin at www.natuba.com. He enjoys beating Will 
Reese at foosball and Wii Tennis. His Web site is at dnsfool.com. 


Resources 


Google Disappearing Act: tinyurl.com/ckx6x 
daemontools: cr.yp.to/daemontools.html 
DNS Fool Tips: www.dnsfool.com/tips 


How to Install djbdns, by D. J. Bernstein: 
cr.yp.to/djbdns/install.html 


Paul Jarc’s cache-effect.pl: code.dogmap.org/djbdns 


Mike Babcock’s dnscacheproc.py: 
mikebabcock.ca/code/dnscacheproc 


Replicating Your DNS Service: 
cr.yp.to/djbdns/run-server.html#replicate 


On the Web, Articles Talk! 


Every couple weeks over 
at LinuxJournal.com, 
our Gadget Guy 
Shawn Powers posts a 
video. They are fun, 
silly, quirky and some- 
times even useful. So, 
whether he's reviewing 
a new product or showing how to use some Linux software, be 
sure to swing over to the Web site and check out the latest 
video: www.linuxjournal.com/video. 


We'll see you there, or more precisely, vice versa! 
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ILLUSTRATIONS 


Not only is Xara Extreme a Linux-compatible alternative to Inkscape, but now it even 
has its roots into the Open Source community as well. Dan Sawyer 


Illustrator, you can use Wine or 

CrossOver. If you don’t, a number of 
options are available, the most popular 
among them being Inkscape, which I've 
used as needed for a couple years now. 
It’s a good program, and among the 
available open-source vector graphics 
apps, it’s right up near the top of the 
heap for feature completeness, quality 
of implementation and lack of bugs, but 
it’s not without its problems. 

First, it's slow. The memory foot- 
print—especially when a large illus- 
tration is loaded—is heftier than The 
GIMP's, an app that is not noted for 
its modest memory usage and speedy 
response when editing complicated 
projects. The slowness quickly becomes 
apparent when using Inkscape to work 
at the coffee shop on my less-than-top- 
of-the-line laptop instead of at home 
on my holy-crap-it’s-HAL graphics 
workstation. When you're in a groove 
trying to create and polish something, 
having to wait for the program to 
catch up really, really sucks. 

My second beef with Inkscape (and 
really, | only have the two), is the inter- 
face. Now, I'm willing to go a long way 
to learn an interface, and in theory, | like 
Inkscape's two-fisted approach. After all, 
I'm the guy who prefers Blender over 
other the legal, licensed commercial 3-D 
and compositing systems | have in 
my shop because of its two-fisted 
approach—relying on hotkeys for the 
commands and the mouse for manipu- 
lation makes the work flow fast. The 
problem I've always had working with 


[ you really, really need Adobe 


Inkscape though, is that its command 
map is about four miles long, and most 
of the common functions still require 
two key combinations. Although | like 
the concept, the implementation takes a 
long time to learn, and the keystrokes 
aren't organized in a manner that lends 
itself to deducing different functions 
easily by experimentation. 

The ideal situation would be to get a 
program that's just as well thought out 
as Inkscape, just as bugless, but that has 
a faster work flow and a smaller foot- 
print. A fuller feature set would be nice 
too, but | don’t begrudge a project at 
0.46 for not yet having all its features in 
place. Still, a few extra tools to take it 
up into the class of high-end profession- 
al illustration software would be nice. 

Enter Xara Xtreme, which almost 
does this very thing. Until last year, Xara 
X was a professional, closed-source, 
Windows-only commercial app that 
garnered excellent reviews in PC World 
and won a number of awards both for 
its performance and its habit of under- 
selling the rest of the market. However, 
when Adobe bought up Macromedia 
and then Microsoft announced its inten- 
tion to enter the graphics market in a 
signature Microsoftian way (that is, with 
the intention of squeezing out all the 
small players, marginalizing Adobe and 
capturing the market using substandard 
products with ultra-slick marketing and 
ubiquitous sales placement), Xara saw 
the writing on the wall and figured 
it needed a way to stay in the game. 
Somehow it needed to cut costs, turn out 
a superior product and capture market 
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space being neglected or deliberately 
marginalized by the two big kids fighting 
over the playground. 

Companies like MySQL and SugarCRM 
have used the open-source development 
model to great effect—maintaining a 
freely accessible GPL tree and then 
offering value-added packages with 
proprietary code, support and other good- 
ies as the mainstay of their businesses. 
It's a strategy that, when conducted 
properly, results in everyone winning— 
the people the company employs get to 
keep their jobs, the community develop- 
ers get a fun challenge and a hell of a 
résumé entry, the broader community 
gets to use the free version of the 
product, the clients that need the value- 
added services can purchase it for far 
less than the competition, and the 
company gets to continue existing and 
(hopefully) turning a profit. 

Xara decided to pursue the same 
strategy, with only a modest change in 
terms of its goals. It wants to take over 
the world—it says so right on its Web 
site. It correctly notes that there are a 
dearth of pro-level graphics apps for 
Linux and Mac, and that the few goodies 
there are for Mac actually may go away, 
depending on which way the bricks blow 
off the Adobe building, and Xara thinks 
it can do something about it. So, Xara 
pulled the GPL judo and is hoping it 
sends it to the top of the stack, at least 
where artists are concerned. 

Because of this, Xara has an excel- 
lent incentive to play nice, and that’s 
exactly what it seems to be doing. Xara 
has positioned itself well strategically 


VECTOR ILLUSTRATION © ISTOCKPHOTO.COM/HFNG 


with regards to the GPL—both to pro- 
tect its business model and:to protect 

it from the kind of trolling that SCO 
recently engaged in against, well, every- 
one. As such, Xara will accept code only 
from developers who explicitly (and in 
writing) permit this arrangement, thus 
covering everyone's backside. 


THE GOOD 

Opening it up, Xara Xtreme has two 
very obvious good points: it’s well laid 
out, and it’s fast. As | noted before, | do 
most of the draft-phase of my illustra- 
tion work on my laptop in a coffee shop 
(when you run your own business, you 
don’t actually meet a lot of people 
unless you make it a point to go some- 
where). Laptops make it possible to do 
a day's work without setting foot in 

the office, depending on the day. 
Unfortunately, a proper graphics laptop 
still will cost you your grandmother's 
dentures recapped with diamonds, so 
my mobile rig is a bit more modest. As 
such, | care about speed. Programs that 
are bloated, overcomplicated or poorly 
engineered don’t last long on my hard 
drive unless there is no other tool 
available. Xara is well engineered and 
handles big documents without lagging, 
particularly compared to Adobe 
Illustrator or Inkscape. Of course, it is 
possible to overload it—eventually, one 
meets the end of one’s RAM—but you 
have to work at it. 

The other glorious thing about this 
little program is the design. Far too 
often with graphics programs, the inter- 
face gets in the way. Mountains of 
opaque floating menus that bury your 
work—something that runs directly 
counter to the purpose of working in a 
visual medium—is generally de rigueur 
for this application space. Less 
egregious, but still irritating, is the 
tendency to bury commonly used tools 
in menus, submenus and under the 
rock in the corner. Xara, being a mature 
application that has, for years, had to 
fight for its market position, has kept its 
interface lean and accessible. It quite 
simply doesn’t even get in your way. 
Alpha gradients, color gradients, distor- 
tion tools, primitives, freehand drawing 
tools, 3-D extrusion and skewing tools, 
rotation, and just about every other sort 
of basic manipulation is comfortably 
situated on the left-hand toolbar. 


THE IDEAL SITUATION WOULD BE TO GET 
A PROGRAM THAT'S JUST AS WELL 
THOUGHT OUT AS INKSCAPE, JUST AS 
BUGLESS, BUT THAT HAS A FASTER 
WORK FLOW AND A SMALLER FOOTPRINT. 


Context toolbars appear conveniently 
along the top of the drawing space, 
and they contain a few nifty tricks that, 
if not unique to Xara, certainly are 
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unique in their thoroughness. 

For example, in Inkscape and 
Illustrator, when you add a primitive 
object, you have a certain amount of 
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Xara Extreme 


control over how it winds up looking. In 
any decent vector graphics app, once a 
shape is on the page, you can edit its 
size, height and width, and in some 
cases, you can increase or decrease the 
number of sides and perhaps change 
the number of points, if it’s a star. If all 
those fail, you can grab the bezier han- 
dles and tweak the shape manually. In 
Xara, you get one better. You can do all 
those things, but you also can change 
the type of object it is on the fly—poly- 
gon to circle to star—just by selecting it 
and pressing the button corresponding 
to what shape you want. 

Xara’s 3-D tools, although not yet 
fully implemented, are a cut above 
other open-source competitors. The 
bevel tool is at the left on the main 
toolbar and works splendidly, and— 
unlike other open-source apps—in Xara, 
you can adjust the color and direction 
of the light bevel without going into 


THE BAD 

Despite these good points, Xara currently 
is limited in some fairly irritating ways. 
First, there is no 64-bit binary. The 
available 32-bit binary works fine in 
compatibility mode, but taking advantage 
of my processor's full bandwidth required 
compiling the source, and it wasn’t the 
easiest compile in the world. 

It's also still very much a work in 
progress. Porting a commercial app with 
a number of chunks of third-party code 
to a foreign platform using only open 
code is a nontrivial task, and at the time 
of this writing, there is still a healthy list 
of features that work in Windows but 
not in Linux. A number of features and 
effects present in Inkscape aren't yet 
available in Xara, and for now, it is wise 
to run both programs just in case you 
end up needing a tool in one that's not 
available in the other. 

I've also discovered a bug, which 


XARA IS WELL ENGINEERED AND 
HANDLES BIG DOCUMENTS WITHOUT 


LAGGING, PARTICULARLY COMPARED 
TO ADOBE ILLUSTRATOR OR INKSCAPE. 


submenus or subscreens. According to 
the documentation, you actually can 
use the bevel and contour tools to do 
honest-to-goodness extrusion, but 
having tried for a while to pull this off, 
I'm forced to conclude that parts of the 
tools are as-yet unimplemented in Linux, 
because it doesn’t currently work as 
advertised (in the Windows version, 
however, this isn’t a problem). 

The final point in Xara’s favor 
over Inkscape is its orientation. Xara is 
designed for artists, period. It’s geared 
at people who aren't, and never will be, 
programmers. Quite a bit of Inkscape’s 
best functionality requires far too much 
familiarity with XML, scripting and 
arcane geometric mathematics to be 
accessible to a run-of-the-mill graphic 
artist. I've been doing 3-D work for long 
enough that | can stumble my way 
through, but in a lot of cases, it’s just 
more trouble than it's worth, and |'ll do 
my roughs in Inkscape and then import 
the .svg into Blender to do the finishing 
touches. In Xara Xtreme, finished pro- 
jects are far more obtainable without 
resorting to helper applications. 


I've filed with Xara’s bug tracker, 
with .eps import. As part of my 
testing process, | did a number of 
import/export operations with the 
different file formats Xara supports. 
The Adobe Illustrator .eps file format 
seems to import everything rotated 
90° off prime, which is irritating by 
itself, but can be a fatal flaw for some 
projects when combined with another 
bug. It seems, you see, that Xara 
can't zoom out past 10% of the view, 
and in the case of one file | tested, 
that limitation ruined the project. The 
object in question was a 60" wide 
timeline on which | plotted a recent 
novel—it had several hundred detailed 
text entries cross-correlated in a num- 
ber of ways, with a navigation key at 
the bottom. Upon importing it with 
the Illustrator .eps format, the rota- 
tion bug put half the length of the 
timeline out of my reach—no matter 
what | did, | could neither enlarge the 
canvas enough to encompass the 
whole project for rotation, nor could | 
zoom back far enough to grab all the 
constituent parts and drag them back 
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into the workspace. For that project, 
it's a deal-killer. 


CONCLUSION 

Despite the niggling bad points, I’m 
thoroughly impressed with Xara Xtreme, 
and highly recommend it to anyone 
looking for a proper pro-level graphics 
app on Linux. Although squirrelly. with 
imports and extremely large canvas 
sizes, for most projects, this program 
will serve nicely. It's suitable for design, 
for translating photos into vector-based 
paintings, for creating animation char- 
acters and for designing all kinds of 
Web graphics, print graphics, logos 
and mock-ups. The gallery on the Web 
site makes it clear that, with two 
months of use, I’ve still scratched only 
the surface of this deceptively simple 
program. Well worth the download, 
Xara Xtreme requires almost no time 
to learn and produces professional 
results, even in the hands of the most 
novice professional. 

In the graphics space, this is how 
programs should be designed. Hooray 
for Xara for its decision to open source 
its project. Let’s hope, in the long run, 
that decision pays off as handsomely for 
the company as it already is for this 
community member.m 


Dan Sawyer is the founder of ArtisticWhispers Productions 
(www.artisticwhispers.com), a small audio/video studio in 
the San Francisco Bay Area. He has been an enthusiastic 
advocate for free and open-source software since the 
late 1990s, when he founded the Blenderwars filmmaking 
community (www.blenderwars.com). He currently is the 
host of “The Polyschizmatic Reprobates Hour”, a cultural 
commentary podcast, and “Sculpting God”, a science- 
fiction anthology podcast. Author contact information is 
available at www.jdsawyer.net. 


Resources 


Xara Xtreme can be downloaded 
from www.xaraxtreme.org. 


A quick series of comprehensive 
video tutorials to bring new users 
up to speed can be found at 
www.xaraxtreme.org/about/ 
movies.html. 


Inkscape, the current open-source 
top dog and still an excellent 
program, can be obtained at 
www.inkscape.org. 
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Take a Ride on the 


Gentoo Train 


can't think of a better way to start a religious war in the 

Linux community than to compare Linux distributions. | 

don’t intend to try to say that my favorite distribution is 

best; | just want to point out some of the features of 
Gentoo Linux that make it stand out in the context of some of 
the other more popular distributions. 

Over the years, I've used many different Linux distributions, 
including Slackware, Red Hat, Mandrake, Yellow Dog, SUSE, 
Knoppix, Caldera and finally, Gentoo. When | first started 
using Linux, | used Slackware—back when it fit on 14 3.5" 
floppy disks, including the X Window System. | moved to Red 
Hat when | realized how convenient package management 
could be. Switching to Mandrake was a simple move, because 
it also was RPM-based and featured Pentium-optimized 
packages, which was nice at the time, as Red Hat still was 
compiling for i386. Finally, a coworker introduced me to 
Gentoo, and I’ve never looked back. 

Gentoo is a completely source-based distribution, which 
means you don’t install software by installing precompiled 
binaries using a package manager. With Gentoo, you compile 


almost everything from scratch, under the control of the Gentoo 
package manager, known as emerge (more on emerge later). 

For this article, I’m revisiting using a binary-package-based 
distribution. In this arena, | felt that Ubuntu and Fedora were 
the leading contenders. 

For my tour of the Ubuntu system, | downloaded Ubuntu 
8.04 Desktop edition from the Ubuntu Web site. After booting 
the CD image under VirtualBox, | was able to play around with 
the live CD. The live CD also offered me the opportunity to 
install the system onto my hard drive, which | did. | have to 
say, | was very impressed with how easy it all was. The system 
booted directly into the desktop environment without 
displaying a single kernel message. From there, | was able to 
access the local Windows network neighborhood and a full 
OpenOffice.org suite. Everything seemed to work “right out of 
the box”. Within a minute of using the new system, | received 
a pop-up message indicating that new updates were available 
for installation. | opted to let the system perform the update, 
and the update was completely uneventful—the way | like 
updates to be. 


Compile your entire Linux system for your particular CPU’s instruction set with Gentoo. 
MIKE DIEHL 
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At first, | was a bit perplexed, because the system never 
asked me for a root password, even though | was performing 
actions that usually required root privileges. It turns out that 
Ubuntu has a mechanism allowing a system user to perform 
many privileged functions, such as mounting media, installing 
software and restarting the machine, without ever needing to 
know the root password. Of course, I’ve used su and sudo 
before, but Ubuntu’s system seems to be broader and much 
more granular—and wrapped in a nice GUI. Overall, | was very 
impressed with how quickly | actually was able to get down to 
working with the Ubuntu system, without even knowing the 
root password. Eventually, | discovered how to “unlock” the 
root account, but | suspect many Ubuntu users never have to 
resort to such administrivia. 

My whole experience with Ubuntu was very Windowsesque, 
and not in a monopolistic, dumbed-down, UNIX wanna-be 
kind of way. | was very impressed and easily could see how 
almost anyone could download an Ubuntu CD and be up and 
running productively within minutes. 

When | went to Fedora’s Web site to download the Fedora 
9 installation CD, | was given a choice of downloading six CDs 
or one DVD image that weighed in at 3.6GB. There also was a 
network installation CD, but it required access to the other 
CDs over the network, and | didn’t want to take the time to 
set up that. | opted to start the DVD image download and go 
to bed for the night. In the morning, | started the installation. 
During the installation, | was given the choice of doing a 
Desktop/Productivity, Web Server or Programming installation. 
| chose the Desktop installation. When it was done and the 
system had rebooted, | was presented with a GNOME desktop 
environment with OpenOffice.org already installed, as with 
Ubuntu. | found the menu structure for Fedora to be a bit 
more intuitive. The fact that the system required the root 
password in order to perform privileged functions left me 
feeling like | was in familiar territory. 

By clicking on the Customize Now box, | was given the 
chance to determine, much more granularly, what software 
would be installed on my new system. For example, | saw that 
| could substitute the KDE environment, which | prefer, for the 
GNOME environment that Fedora installs by default. Of 
course, because Fedora is an RPM-based distribution, | can 
install new software anytime | want. 

Fedora is a Red Hat-sponsored and community-supported 
project. Red Hat sponsorship carries a lot of weight with me, 
because I've dealt directly with some of the Red Hat developers 
whose drivers I’ve used, and I've always had a positive 
experience. To me, Red Hat epitomizes the open-source 
business model. It is a for-profit corporation that funds and 
supports open-source development. Because it is a for-profit 
corporation, Red Hat product licensing is an easy sell in the 
business arena. Managers tend to want to know that their 
core operating system will be documented and supported for 
the foreseeable future. 

The rest of this article focuses on the Gentoo Linux 
distrioution. My coverage of Ubuntu and Fedora are purposely 
superficial, because | think most Linux users have installed 
Linux before and understand how package management 
works and what configuration usually needs to be done on a 
new machine. Drawing on this experience gives us a context 
in which to discuss Gentoo. 
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FEATURE Gentoo 


Although Gentoo does have a live CD image with a graphical 
installation program, | usually download the minimal installation 
CD. It's only 50MB, so it typically takes longer to find a blank CD 
than it does to download. Once the installation CD has booted, 
you are presented with a bash shell prompt with root privilege, 
still running from the mounted CD image. As Indiana Jones once 
said, “We walk from here”. From this point, we perform all of 
the installation steps manually. 

The Gentoo documentation is excruciatingly thorough, and 
although | don’t recommend you send it to the laser printer, it 
is very much worth reading. Fortunately, it's also color-coded, 
so experienced Gentoo users quickly can go through the steps 
without skipping a beat. The documentation walks you 
through partitioning and formatting the drive and installing a 
base system, upon which the rest of the system builds. 

During the installation process, you can configure almost 
every aspect of the system. For example, Gentoo provides you 
with a /etc/fstab template, but you have to fill in the details. 
Finally, you configure and install GRUB, then reboot. 

When you first log in to a new Gentoo system, you're 
faced with a completely stripped-down version of Linux—no 
port mapper, no Apache, no (x)inetd, nothing. The SSH 
daemon isn’t even running by default! This is kind of the fork 
in the road. Are you building a Web server, a file server, a 
mail server or a desktop? Now you simply install the software 
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that needs to be installed, and only the software that needs 
to be installed. 

During the installation process, you will encounter a few 
concepts that are unique to Gentoo: portage and use flags. 

Portage is Gentoo’s package management system. 
Although made up of a bunch of shell scripts, portage essen- 
tially is a database that tells emerge, the Gentoo software 
installer, how to download, build and install any given soft- 
ware package. Portage also takes care of calculating package 
dependencies. Installing a new software package is as easy as 


During the installation process, 
you can configure almost every 
aspect of the system. 


typing emerge apache, and emerge determines what other 
software packages are required, downloads all the needed 
packages, compiles them in order and installs the resulting 
binaries. Although not tied to a graphical environment, it is a 
pretty nice way to install software. 

If you tend to prefer a more graphical experience, kuroo 
allows you to do anything that emerge can do, but with a 
point-and-click interface. Not much could be easier. 

Source-based software installation is pretty slick, but 
Gentoo’s use flags are what makes it as customizable as it 
possibly can be. Use flags are mechanisms that let you decide 
what optional features should be compiled into the system. 
For example, by setting or resetting the MySQL use flag, you 
can determine whether Qt is compiled with MySQL support. 

If you leave out the MySQL support, you also get rid of the 
MySQL dependency. So, by carefully tweaking the use flags, 
you can pare a system down to its bare necessities, and bare 
necessities are easier to secure and maintain. 

Another benefit of installing from source is that you can 
configure GCC to take advantage of the particular chipset you 
are using. This feature, as well as the use flags, is configured 
in /etc/make.conf. By telling Gentoo that you are using an 
AMD processor, for example, you enable GCC to compile your 
software to take advantage of any AMD-specific instructions. 
Gentoo systems that run on a Pentium 4 computer will take 
advantage of the features of the P4 that are lacking from the 
Pill, AMD or PowerPC architectures. 

| don't have any solid numbers to back my claim, but | felt 
the difference when | compiled KDE for the AMD Athlon as 
opposed to the generic Pentium at the time. With the divergence 
between Intel and Athlon, this feature will become more and 
more important in the future. 

The magic of Gentoo is that you not only can determine 
exactly what software packages get installed on your system, 
but you also have quite a bit of flexibility in determining exactly 
how those packages are compiled. | used to chuckle about 
how much cruft was being installed with the average 
Windows installation and feared that Linux was following the 
trend. There is no reason to install software you don’t intend 
to use, and there are considerable advantages to not installing 
it at all. Gentoo gives you the control needed to ensure that 
your system has only those packages installed you intend to 


use. There is no reason for a Web server 
or a mail server to have the X Window 
System installed, for example. 

I've been a Gentoo user for several 
years now, and I've found that the 
Gentoo mailing list is completely invalu- 
able. Unlike some of the mailing lists for 
other mainstream Linux distributions, 
the Gentoo mailing-list members seem 
to understand that there are issues 
unique to Gentoo, and they are pretty 
patient with new and old users alike. 
I've never been patronized or insulted 
for asking dumb-sounding questions. 

| have to say, the Gentoo community 
is one of the stronger arguments for 
using Gentoo in the first place. The 
community understands that Gentoo 
has a learning curve, and they are 
more than up to the task of helping 
people climb it. 

Alas, Gentoo isn’t without its weak- 
nesses. Most new Gentoo users quickly 
realize that it can take time, sometimes 
a lot of time, to build a Gentoo system. 
Whereas the Ubuntu system was up 
and running in less than ten minutes, 
even under a virtual machine, a typical 
Gentoo system can take hours to build 
from scratch. | like to tell myself that 
you get what you pay for, and an initial 
investment in time spent during the 
installation process will pay dividends in 
heightened security and ease of mainte- 
nance in the end. Overall, I’d say that 
this time investment has paid off. 
Because my servers don’t have as much 
software installed on them, they don’t 
need to be patched as often, and 
they've been remarkably stable. But 
then, Linux is inherently stable. 

Many new Gentoo users lament the 
lack of a graphical installation program. 
And, although a graphical installation 
wizard is nice, I'd argue that you get to 
know your system much more intimately 
by getting your hands dirty and 
configuring each and every aspect of it. 
Getting to know your servers intimately 
begins to make sense when you start 
building mission-critical servers and 
workstations. Such servers don’t need 
the X Window System or any other 
extraneous software installed. 
Eventually, | think, most Gentoo users 
end up scripting their installations, and 
as no GUI is involved, this process is 
fairly easy. | have an installation script 
that I’m quite happy with. 

The other major weakness in the 


Gentoo system is that sometimes the 
Gentoo maintainers decide to make 
major architectural changes. Because 
Gentoo users compile their systems from 
scratch, they don't enjoy any shelter 
from these various types of changes. | 
remember when the maintainers decided 
to rework completely how Gentoo did 
its network configuration. The old con- 
figuration was fairly simple and intuitive. 
The next configuration entailed a 30K 
configuration file. Of course, much of 
this configuration file was comments, 
but it still was daunting. To be fair, the 
result was a system that not only could 
configure the standard Ethernet, but 
also Wi-Fi, VPN and all sorts of esoteric 
network configurations. The resulting 
mechanism was pretty elegant, but the 
transition was a bit painful. 

So, what are my recommendations 
as a longtime Linux user? Well, if you 
want to get up and running with a Linux 
system and have no, or little background 
in Linux, try Ubuntu, particularly if you 
are an enlightened Windows user. | 
think you'll be at home with Ubuntu 
almost immediately. | almost was sucked 
in too. If you are accustomed to the 
standard Linux installation process, or if, 
for political reasons, you need corporate 
support, | wholeheartedly recommend 
Red Hat or Fedora. However, if you want 
something a bit more customizable, or if 
you want to learn Linux at a completely 
different level, | recommend trying 
Gentoo. Walking through all of the steps 
needed to install a Linux machine from 
scratch is educational and can instill 
you with a profound appreciation for 
all the work that the Linux distribution 
maintainers do for the rest of us. 

As a final comment, I'd like to mention 
that about every six months, someone on 
the Gentoo user's mailing list asks if 
Gentoo is suitable for production 
environments. My answer is pretty 
simple. All of my production servers, as 
well as my work-related workstations 
and laptops, are Gentoo systems. This 
list includes production mail and Web 
servers, production Asterisk servers and 
workstations that | simply can't afford 
to be without. So, yes, Gentoo is ready 
for the production environment. 


Mike Diehl is a professional computer nerd in Albuquerque, 
New Mexico. Mike lives with his wife and three small 
boys, including a newborn, and can be reached via e-mail 
at mdiehl@diehlnet.com. 
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The Story of Firefox: from 
Underdog to Superhero 


How Firefox became our very favorite browser. JAMES GRAY 


It took many years for Firefox to be an overnight success. 
Who would have thought back in March 1998, when 

the struggling Netscape released the source code for its 
Communicator Suite, that Firefox would be the favorite browser 
on the Linux platform and a formidable insurgent challenger 
to Microsoft's Internet Explorer (IE) on Windows. 

Gradually over the past ten years, Netscape mor- 
phed into the Mozilla browser, which in turn gave 
rise to Firefox. Today, Firefox owns a market 
share of around 20% worldwide (and much 
higher in certain places). How was Firefox able 
to accomplish this rise from the ashes of 
Netscape and go from underdog to hero? 

The story of Firefox also is a story of the 
coming of age of open source, of opportunities 
presented by Microsoft failing its users of IE, of 
Internet users hungering for something new and of 
cutting-edge innovation that blew our socks off. 


on January 23, 1998, when Netscape announced the release 
of source code for Netscape Navigator 5.0. Recall that back in 
1998, the open-source model still was viewed with widespread 
skepticism. At that time, Eric S. Raymond had written the 
on-line version of The Cathedral and the Bazaar, which made 
open source tangible to more people. Raymond, who 
guided Netscape through its open-source strategy, 
noted that his contacts at the company had 
such a huge sense of relief, or even gratitude, 
because market conditions had become so 
bad, they could justify doing what they 
wanted to do anyway. 
Netscape’s Vice President of Products, Marc 
Andreessen, said his company open-sourced 
Netscape because, “we're at an inflection point, 
a trigger point, when there’s an alignment with 
the energy of growth. Linux is hot. The technolo- 
gists have adopted it, and it's growing fast all through 
the Open Source community. This gives us the confidence that 
we couldn't screw it up if we tried.” 

Raymond also called Netscape’s decision, “the long-awaited 
breakout of free software into the commercial world”. Little 
did he know the prescience of his words at the time. 

A few months later, in March 1998, mozilla.org was founded, 
the source code for Netscape Communicator 4.0 was released 
and the community went to work. 


Netscape: Firefox's Proprietary Great Uncle 
Certainly you remember the browser wars of the mid- to late- 
1990s—the ones that Netscape lost handily. Although we were 
fortunate that Netscape cared enough to maintain a Linux ver- 
sion, we used the Communicator out of necessity, not passion. 
Little did we know at the time, but the seeds of change 
(and the beginnings of the Firefox browser) would be planted 


Firefox Timeline 
1998 


JANUARY 23, 1998 
Netscape announces 
the release of 

the source code 

for Netscape 
Navigator 5.0. 


FEBRUARY 23, 1998 
Netscape announces 


the mozilla.org Project. 


MARCH 31, 1998 
The first Mozilla 
code (for Netscape 
Communicator 5.0) 
became publicly 
available under the 
terms of an official 
open-source license 
and a governing body 
for the project, the 
Mozilla Organization, 
began its public work. 


1999 


MARCH 18, 1999 
America Online 
acquires Netscape. 
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2002 


JUNE 5, 2002 

The Mozilla 1.0 suite, 
the open-source progeny 
of the proprietary 
Netscape Communicator, 
is released. 


SEPTEMBER 23, 2002 
Phoenix 0.1 (Pescadero) 
is released, the first 
official version of a 
standalone browser 
that will later be 
renamed Firefox. 


2003 


APRIL 2, 2003 
Mozilla announces 
intent to develop what 
would become Firefox 
(code-named Firebird 
at the time) as a 
standalone application 
rather than as part of 
an integrated suite. 


JUNE 30, 2003 
Mozilla 1.4 is released 
with pop-up blocking. 


JULY 2003 

The not-for-profit 
Mozilla foundation is 
spun off from AOL. 


AUGUST and 
NOVEMBER 2003 
Mozilla wins the Linux 
Journal Editors’ Choice 
Award for Best Web 
Browser and Readers’ 
Choice Award for 
Favorite Browser for 
the first time. 


The Making of Mozilla: 1998-2002 

It took some time for Mozilla to come of age post-Netscape. 
Although Netscape Communicator’s source code was released 
in early 1998, the Mozilla 1.0 suite, or applications framework 
as it is technically called, was not finished until June 5, 2002. 
Despite Mozilla's Netscape-like look and feel during this period, 
much was changing under the hood. In November 2000, Linux 
Journal writer Mike Angelo commented that “if you have any 
notions that Mozilla, the browser suite, is an upgrade from 
Netscape Communicator 4.x, please lose them. Picture Mozilla 
as a browser suite that is new from the ground up, but 
just looks and feels lots like the Netscape 4.x browser suite, 
thanks to its skin”. 

In spite of the overhaul, Mozilla retained Netscape’s “all- 
in-one” suite orientation, which was later to be shed by the 
self-standing Firefox. Mozilla consisted of the applications 
Mozilla Navigator, Mozilla Composer, Mozilla E-Mail, Mozilla 
News and ChatzZilla. 

During this period, in March 1999, Netscape went off to 
become part of America Online. Nevertheless, the two organiza- 
tions retained close ties—for instance, many of Mozilla's develop- 
ers were inside Netscape/AOL, and Netscape/AOL continued to 
assist Mozilla financially. Furthermore, while Netscape/AOL 
utilized the Mozilla code as a base for its own Netscape 6, the 
company added its own proprietary features, such as AIM. 

Development-wise, these six interim years were productive. 
Most important, the Mozilla development team built the 
Gecko browser layout engine from scratch and ensured full 
W3C (World Wide Web Consortium) standards compliance. In 
addition, changing skins on the fly, security features and the 
plugin model were expanded and improved significantly. 


Mozilla 1.0: Worth the Wait 

After four long years of development, Mozilla 1.0, mostly free of 
its Netscape Communicator past, was at last released on June 4, 
2002. CNET.com’s Rex Baldazo raved that “The four-and-a-half- 
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year wait is over—Mozilla 1.0 has gone gold, and from what 
we've seen, it’s been worth the delay.” Immediately, users were 
impressed with Mozilla's speed, stability and features, such as 
tabbed browsing, pop-up blocking and custom skins. 

Mozilla's features caught the surfing public's attention and 
re-ignited the browser wars of yore. Several different Web 
analytics firms reported that Microsoft's Internet Explorer 
dropped from a 97% market share in 2002 to 93% in late 
2004. During the same period, Mozilla went from a 2% 
market share with Netscape to more than 5% with all of 
its open-source browser offerings. 


Firefox Grows in the Shadow of the 

Mozilla Suite 

While the Mozilla browser was out in the world making 
Web surfers everywhere gleeful, the development team at 
mozilla.org, led by Chief Technology Officer Brendan Eich, 
already was laying the foundation for a much better browser. 
On September 23, 2002, the Mozilla team released Phoenix 
0.1 (Pescadero), the first official version of a standalone browser 
that would later be named Firebird and, eventually, Firefox. 
Phoenix was a redesign of Mozilla’s browser component but 
written using the XUL user interface language and designed to 
be cross-platform. Phoenix's developers stated that “Phoenix is 
not your father’s Mozilla browser. It’s a lean and fast browser 
that doesn’t skimp on features”, loading pages in half the 
time as Mozilla 1.1. Furthermore, they added, “Not only does 
Phoenix aim to match the feature set of Mozilla—subtracting 
features deemed geeky and better offered as add-ons—but it 
extends it. We also believe Mozilla, in general, is going in the 
wrong direction in terms of bloat and UI, and see no reason 
for our releases to carry those connotations.” 

On April 3, 2003, Mozilla announced its intent to develop 
what would become Firefox (code-named Firebird at the time) as a 
standalone application rather than as part of an integrated suite. 

Mozilla’s Eich summarized the new browser's philosophy in 


2004 


FEBRUARY 8, 2004 DECEMBER 2004 


2005 


OCTOBER 19, 2005 


2006/2007 


OCTOBER 24, 2006 


2008 


MARCH 31, 2008 


The Mozilla Foundation 
places a full-page ad for 
Firefox in the New York 
Times with financial 
contributions from more 
than 10,000 users. 


The new release 
Firefox 0.8 (Royal Oak), 
leaves behind the old 
name Mozilla Firebird. 


JUNE 17, 2004 

Mozilla 1.7 is released with 
speed improvements and 
better standards support. 


NOVEMBER 9, 2004 
Firefox 1.0 is released. 


Firefox reaches milestone 
of 100 million downloads. 


NOVEMBER 29, 2005 
Firefox 1.5 is released. 


AUGUST and 

NOVEMBER 2005 

Mozilla wins the Linux Journal 
Editors’ Choice Award for Best 
Web Browser and Readers’ 
Choice Award for Favorite 
Browser for the second time. 


Firefox 2.0 is released. 


NOVEMBER 19, 2007 
Firefox 3.0 beta! is released. 


www.linuxjournal.com 


The Mozilla Project 
celebrates its 
10th anniversary. 


JUNE 17, 2008 

Firefox 3.0 is released 
(projected at the time of 
this writing), with 
Download Day to set 

the Guinness World Record 
for Most Software 
Downloaded in 24 Hours. 
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its development road map as follows: 


[Firefox] is simply smaller, faster, and better—especially 
better not because it has every conflicting feature wanted 
by each segment of the Mozilla community, but because it 
has a strong “add-on” extension mechanism....Attempting 
to “hard-wire” all these features to the integrated 
application suite is not legitimate; it's neither technically 
nor socially scalable. 


Firefox 1.0 Arrives 

Six years, seven months and nine days after the birth of 
mozilla.org, Firefox 1.0 was born on November 9, 2004. 
Looking back to the earliest days of Firefox 1.0 with three and a 
half years of perspective and comfortable browsing, it’s easy to 
forget how exciting the post-release vibe was. Firefox saw more 
than 100,000 downloads in the first few hours and nearly 10 
million per month shortly after the release. Toward the end of 
its run, Firefox 1.0 reached 100 million downloads in October 


2005. This success translated into a market share of around 5%. 


By early December 2004, according to OnStat.com, Internet 
Explorer's market share dropped yet again to below 90%. 

There was a palpable hunger for an alternative. As part 
of the Spread Firefox campaign, 10,000 Firefox supporters 
coughed up some of their hard-earned money to show sup- 
port for their browser by contributing to fund a full-spread 
advertisement in the New York Times. Spread Firefox is the 
nexus of global community volunteerism to promote Firefox 
via guerrilla marketing activities. 

The left page of the masterful New York Times ad features 
the names of all 10,000 contributors over a shadowed Firefox 
logo. The ad asks the reader, “Are you fed up with your Web 
browser? You're not alone. We want you to know there is an 
alternative.” On the right page, it featured, “Introducing 
Mozilla Firefox 1.0” in bold type, followed by quotes from 
satisfied users and the advantages of Firefox, such as speed 
and browsing free of pop-ups and spyware. “Find out what 
10 million users from around the world already know: there is 
an alternative.” Unfortunately, the Times ad is not printable in 
this space due to size constraints, although you can see it at 
the Spread Firefox Web site. 

There also was hunger for better security. On the Windows 
side, it seemed that IE was once invincible. However, IE’s security 
problems pushed millions of users and countless organizations 
out to the far edge of the plank; Firefox was the nudge that 
made them jump ship in droves. 

For most people, however, the reason to move to Firefox 
was its features. They ate up the tabbed browsing, better stan- 
dards support, integrated search, a user-friendly plugin manage- 
ment system, easy installation and removal procedures and, of 
course, better security. The latter was possible, because Firefox 
lacks the deep hooks into the operating system as is the situa- 
tion with IE, which therefore suffers greater impact from flaws. 


Firefox 1.5 


During 2005, Firefox gained 10% of global market share from 
its rivals, a feat that the proprietary Netscape could not muster 
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after falling behind Internet Explorer. The success train contin- 
ued to roll down the tracks, and Mozilla released Firefox 1.5 
on November 29, 2005. 

In Firefox 1.5, the Mozilla development team added new 
features, such as even speedier page loading, drag-and-drop 
search, integrated RSS reader, tab re-ordering, better pop-up 
blocking, binary patching for upgrades, clearing of personal 
data with a single button and partial SVG 1.1 support—not to 
mention all the new extensions that continue to accumulate, 
which leave practically no limit to what you can do with Firefox. 

Despite the increased complexity of version 1.5, the Firefox 
development team continued to prove itself more worthy than 
its rivals, not only attending to serious flaws but also avoiding 
them in the first place. 


Firefox 2.0 
We need another metaphor for inertia, because Firefox 2.0 has 
it too. As we sit on the verge of version 3.0, we can see that 
Firefox 2.0 has carved out another 8% of market share to 
reach 18%, according to Net Applications. This translates into 
approximately 170 million users worldwide. 

For features, the 2.0 release added Google's anti-phishing 
software, Live Titles for bookmarks, spell-checking, improved 
UI and improved support for SVG and JavaScript 1.7. 


Firefox 3.0 
As | finish this article, | longingly look ahead to the release date 
for Firefox 3.0, which looms just a few tantalizing days out at the 
time of this writing. The day is also Download Day, an initiative 
by Spread Firefox to set the Guinness World Record for Most 
Software Downloaded in 24 Hours. As of mid-June, the number 
stands at 1.1 million and growing. Clearly, now that open source 
has taken hold, it is possible to assert that one should never 
underestimate the effectiveness of disciplined bands of inspired 
volunteers to change the world of computing. 

Mozilla has raised expectations for Firefox 3.0, saying that 
it will run double the speed of its predecessor and use much 
less memory. Furthermore, the browser will be much smarter, 
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Figure 1. Firefox says that Version 3.0 has more than 15,000 updates. 
Will it keep Firefox's momentum going? 


as you can simply begin typing into the location bar, or 
“aweome bar”, to find what you are looking for, and Firefox 
offers a list of options it thinks are most relevant to you. 

Version 3.0 also implements the updated Gecko 1.9 layout 
engine, which allows it to pass the Acid2 test, a standards- 
compliance test for Web-page rendering. 


From Underdog to Hero 

Firefox's trajectory—from proprietary Netscape to Mozilla to 
Phoenix/Firebird and finally Firefox—is an incredible story of 
triumph. What began as the outdated, proprietary Netscape 
browser, with shrinking market share from a struggling com- 
pany, was set free with open source to transform itself into a 
technological and organizational powerhouse. Firefox now 
ranks with Linux and Apache as one of the world’s premier 
open-source applications. Although it has taken a decade, 
Firefox has valiantly clawed back to nearly 20% market share 
worldwide, with 29% in Europe and more than 40% in countries 
like Finland and Poland. This is quite an accomplishment, given 
that Firefox's main competitors, IE and Safari, have huge 
pre-installation advantages. 

Firefox came of age with open source and, as Technetra’s 
Alolita Sharma observed, “has helped make open source main- 
stream” and that “its success as a constantly evolving open- 
source product has validated the open-source development 
model”. Hats off to the pioneers like Eric S. Raymond who 
helped Netscape see the light in 1998 and get started on the 
right foot, as well as the hundreds of developers and activists 
who contributed to Firefox technically and promotionally. 
Without the army of Spread Firefox volunteers, who never 
would be so enthusiastic about a proprietary product, Firefox's 
success would be much less viral. 


Many thanks also go to Microsoft for so many things—its 
horrible attention to security, lack of innovation and IE's overly 
tight integration with Windows—all of which made users so 
fed up and thirsty for an alternative. It helped tip so many 
millions to Firefox. 

The past decade has been quite a run for our friend Firefox. 
It has matured admirably over time, and version 3.0 continues 
the positive, upward trend. As mentioned, however, competitors 
are in the wings who would love to experience similar success 
and grab hold of some of Google's millions that Firefox currently 
receives. Already there are signs that Safari is eating into some 
of Firefox's market share in North America. Regardless, if our 
fledgling hero can ride its current wave of technical innovation 
and popular support, we should see Firefox residing on ever 
more desktops of satisfied computer users.m 


James Gray is Linux Journal Products Editor and a graduate student in environmental science and 
Management at Michigan State University. A Linux enthusiast since the mid-1990s, he currently resides 
in Lansing, Michigan, with his wife and cats. 


Resources 


Apple Computer's Safari Browser: www.apple.com/safari 
Mozilla Foundation: www.mozilla.org 
Spread Firefox: www.spreadfirefox.com 


Spread Firefox campaign's advertisement in the New York 
Times: www.mozilla.org/press/nytimes-firefox-final.pdf 


13%, 5-3 Monitoring Processes with Kill 


If you have a process ID but aren't sure whether it’s valid, you can 
use the most unlikely of candidates to test it: the kill command. If 
you don't see any reference to this on the kill(1) man page, check 
the info pages. The man/info page states that signal 0 is special, 
and that the exit code from kill tells whether a signal could be 
sent to the specified process (or processes). 
So kill -0 will not terminate the process, and the return 

status can be used to determine whether a process is running. 
For example: 


$ echo $$ # show our process id 
12833 

$ /bin/bash # create new process 

$ echo $$ # show new process id 
12962 

$ kill -@ 12902 

$ echo $? HACXSiL SHG Xm GOO ems Sa) 


0 

$ exit # return to previous shell 

$ kill -@ 12902 

bash: kill: (12902) - No such process 

$ echo $? # doesn't exist, exit code is 1 
1 


Many UNIX deemons store their process IDs in a file in 
/var/run when they are started. Using kill -@ to test the 
pid is a lot easier than parsing ps output. For example, to test 
whether cron is running, do the following: 


# kill -0 $(cat /var/run/cron.pid) 
# echo $? 
0 


—RICH LUNDEEN 


www.linuxjournal.com september 2008 | 87 


seer 


State of the Art: 
Linux Audio 2008 


An overview of current capabilities and achievements in Linux audio development. 


DAVE PHILLIPS 


The world of Linux audio covers many domains, from basic 
desktop sound services to embedded systems, from simple 
Internet telephony to the demands of professional recording 
studios. This article presents an overview of the Linux audio 
world and its current status. 

Due to the breadth of the topic, | have divided this article 
into two parts. For the same reason, it is impossible to discuss 
any particular program in-depth in this kind of survey. However, 
| cover many of the programs mentioned here in my articles 
for the Linux Journal Web site (www.linuxjournal.com), 
and | refer readers to those articles for more detail on 
individual programs. 


General Commentary 

Sound support in Linux has progressed grandly since my first 
experience with the system in the mid-1990s. The mainstream 
distributions all have excellent device detection, including 
sound card detection, and the typical desktop audio functions 
are configured transparently during installation. Most distribu- 
tions let users add and configure extra sound devices manually, 
but some detect and configure multiple devices automatically. 
Any configuration needed after installation is handled similarly 
through control panels and other user-friendly utilities. In addi- 
tion to technical advances, Linux sound and music applications 
have grown in number and sophistication. We now have 
excellent software for media production and playback, and 
there is good reason to expect continued development in 
audio-oriented domains. 


Software Categories 
In this overview, | distinguish between the two broad cate- 
gories of system software and applications software. System 
software here includes the kernel sound system and other 
tools and utilities that make the user-level programs work. This 
software is usually not associated with normal usage, and typi- 
cal users may, in fact, never even know about it. Nevertheless, 
this layer is where the heavy lifting is done, and although it’s 
not flashy or sexy, it is the heart of the Linux audio system. In 
contrast, applications software includes the programs that 
present themselves to users via the distribution’s menus, 
toolbars and file managers. This software is what typical users 
understand and employ on a regular basis. 

The first part of this article covers system software and 
a variety of other audio-related software domains. The 
second part focuses on the state of Linux sound and music 
production software. 
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System Software 

ALSA (Advanced Linux Sound Architecture) provides the core 
audio and MIDI services to the Linux kernel. These services 
include the device drivers installed with the kernel, a library 
and API for programmers, various user-level tools and utilities, 
and firmware for some USB and other devices. If a project's 
development is reflected in its changelogs, ALSA is clearly a 
very active project, with a steady stream of enhancements and 
fixes, and an expanding list of supported sound cards and 
audio chipsets. 

The developers at 4Front Technologies have improved their 
OSS (Open Sound System) Linux package in similar fashion. 

In 2007, the company announced the decision to place the 
system under open-source licensing. As a result, OSS is now 

a free, open-source project, complete with source repository, 
Bugzilla, wiki and protection by the GPL, BSD and CDDL licenses. 
But, all this goodness isn’t only for Linux. The OSS package 
also provides high-quality audio/MIDI services to our comrades 
on UNIX systems, such as FreeBSD and Solaris. 

ALSA and OSS provide the device drivers needed to 
make your sound hardware usable by the operating system. 
Sometimes they create these drivers by consulting material 
provided by manufacturers, and sometimes they reverse- 
engineer a driver. To my knowledge, only Audio Science offers 
Linux drivers developed in-house. Audio Science manufactures 
high-quality audio hardware marketed mainly to radio 
broadcasters, and codes and provides native Linux drivers 
for its products. Ah, if only [manufacturer's name deleted] 
would be so wise. 


Desktop Sound Servers 

Normal desktop actions and activities that require audio 
services include system sounds, media players, Internet tele- 
phones and simple recording. However, normal users now 
expect amenities, such as transparent software mixing and 
relatively glitch-free performance, in a multitasking system. 
ALSA's dmix plugin provides software mixing, but not all 
distributions want to employ it. Thus, competition remains for 
the position of the default Linux desktop audio server. GNOME 
still uses esd (the Enlightened Sound Demon), and KDE still 
backs the aRts daemon, but the PulseAudio Project definitely is 
the newcomer to watch. PulseAudio already has been adopted 
as the sound server of choice for the OLPC XO laptop and for 
recent releases of Ubuntu, and there’s reason to believe it may 
overtake esd and/or artsd as the One True Server for typical 
users’ sound-related activities. 


Real world system training 
that takes your career farther. 
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For the Professional: JACK 

The demands of professional audio production require a 
different order of performance from a sound server. None of 
the servers mentioned above are capable of drop-out free 
performance under heavy resource demand—for example, 
multichannel recording with high sample rates and bit 
depths—and they cannot be considered suitable under 
pro-audio conditions. Fortunately, Linux has JACK, a truly 
professional-grade audio server and master transport system. 
If you plan on producing professional-quality audio with Linux 
sound and music software, you need to know JACK. 

JACK development is steady and continues to expand the 
system's capabilities. JackMIDI is showing up in more applica- 
tions, and the jackdmp Project points the way toward JACK’s 
future on multiprocessor architectures. Current versions 
already run on OS X, and there’s even been a successful port 
to Windows. Currently supported back ends now include 
ALSA, OSS, PulseAudio, FreeBob/FFADO (for FireWire devices) 
and CoreAudio (on OS X). 


Other Notable System Software 

Erik de Castro Lopo has contributed some essential compo- 
nents to the Linux audio infrastructure. His libsndfile provides 
programmers with a comprehensive library for handling file I/O 
for a great variety of soundfile formats, and his libsamplerate 
has found broad acceptance as the preferred tool for high- 
quality sample rate conversion. These libraries relieve applica- 
tions programmers from the burden of writing code for very 
common tasks, and both packages are common dependencies 
throughout the world of Linux audio software. I’m also happy 
to report that both libraries are currently maintained. 


Common Applications 

The sound-related software most familiar to typical users 
includes media players, games and audio communication 
devices. In each instance, the application itself does not handle 
audio directly, instead relying on the kernel’s sound API (that 
is, ALSA). This reliance frees application developers to focus 
on features, rather than on how to interface with users’ 
sound hardware. 


Media Players 

Linux music players are a mixed blessing. For average users, 
programs such as Amarok, Banshee, Rhythmbox and the 
XMMS clan work well for playing most audio formats (MP3, 
Ogg, WAV, AIFF and so on). AlsaPlayer continues to provide a 
lighter-weight player, not so feature-rich but stable and JACK- 
sawy. JACK-awareness is one of my personal complaints with 
most of the current music players, but | have reason to hope 
that the major players will get it and at least provide a plugin 
for JACK connectivity. And, while I’m dreaming, I'd also like 
to see Linux media players adopt the JACK master control 
system. More typical wish lists include true gapless playback 
and support for huge collections. The development teams of 
the popular players are quite aware of these requests and 
are working to address them in future releases. As Figure 1 
indicates, some developers are indeed moving forward. 
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Figure 1. Amarok does JACK with libxine. 


Multimedia players, such as MPlayer and Xine, continue 
their development march forward. These projects are well 
established, and many users rely on them heavily for more 
than just DVD and video file playback. MPlayer (and its sister 
software MEncoder) is a veritable toolkit for a wide variety of 
video and audio tasks, and the Xine library is used by many 
other applications that need video capabilities. Both programs 
play a wide variety of video and audio formats, and both 
include hooks for user-friendly GUls. 

Alas, there is a snake in the grass in this field. Video players 
depend on codecs that provide support for the seemingly 
endless variety of video formats, and many popular formats 
are patent-encumbered. One immediate result of this situation 
is the difficulty or impossibility of including these codecs in a 
mainstream Linux distribution. Some distros simply point users 
to a repository where they can download the necessary pack- 
ages, but it would, of course, be better if the codecs could be 
installed along with the players. However, until patent law 
reform takes place (in the US, at least), there can be no other 
way to supply the software. 

Playback of encrypted DVDs also is problematic. It appears 
that the MPAA is no longer pursuing legal action against distri- 
bution of the DCSS software, but distribution vendors remain 
hesitant to include the software directly. Again, users typically 
are directed to a distribution point on the Internet where they 
can acquire the software they need to watch their legally 
purchased discs. Although these extra steps may seem 
trivial to seasoned users, they often are confusing and seem 
unnecessary to novices, especially when there is little or no 
understanding of the legal ramifications. Nevertheless, until 
patent encumbrance and copyright entanglements are things 
of the past, the extra steps will be necessary if users expect 
fully functional media playback. 


Game Sound 
Beyond PySo/ and XScrabble, I'm not much of a gamer. 
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INDEPTH 


Most of the currently maintained 
game development toolkits 
(ClanLib, Crystal Space and SDL) 
support ALSA and OSS, but the 
Allegro library also supports JACK, 
which | think is very cool. 


However, | do follow the updates on the Linux Game Tome 
and the Linux Games sites, and the scene for Linux gaming 
and game development clearly is alive and active. Game- 
centric programming toolkits flourish; new games appear 
frequently (with the attendant and predictable variability in 
quality), and even the occasional port from Windows shows 
up. The common critique | hear from avid gamers is that Linux 
is a great platform for running games, but too few great 
games exist in native Linux versions. Indeed, Windows users 
can claim a massive number of high-quality games available 
only for that platform, but from this dabbler’s perspective, 
the Linux gaming world is healthy and developing nicely. 

Most of the currently maintained game development 
toolkits (ClanLib, Crystal Space and SDL) support ALSA and 
OSS, but the Allegro library also supports JACK, which | think 
is very cool. The OpenAL Project still is under development, but 
slowly. Creative Labs and Apple have invested in the system's 
development, mainly for Vista and OS X, but it appears that 
3-D and surround sound (5.1, 7.1) are fully supported in the 
Linux releases as well. 


Embedded Devices 

Linux-powered portable hardware is common these days, so 
we can expect to encounter the Linux sound system at work in 
those devices too. Alas, | own no such devices and cannot 
directly comment on implementation and performance of the 
sound system in that hardware. However, LinuxDevices.com 


Figure 2. The Trinity DAW 
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publishes a handy on-line list of Linux-powered audio/video 
devices, most of which are media players, set-top boxes, 
integrated media phones and so forth. Two notable exceptions 
to the category include Ron Stewart's amazing Trinity, a 
portable Linux-powered DAW (Figure 2), and the Plugzilla, 
a rackmounted standalone audio plugins player. | don’t own 
either of those units, but both should be tested and evaluated 
as soon as possible. 


Emulators and Proprietary Software 

The Wine Project has reached its 1.0 release stage. Among its 
many virtues, we find support for a variety of audio/MIDI back 
ends, including ALSA, JACK and OSS. Some sound and music 
programs for Windows run flawlessly with Wine, including 
Cockos Software's excellent Reaper audio/MIDI sequencer, 
thanks to work on the wineasio driver. This driver communi- 
cates with Wine’s JACK support to yield surprising low-latency 
performance when running ASIO-compliant Windows applica- 
tions under Wine, including VST/VSTi plugins. However, even 
with wineasio, it still is unlikely that the major music and 
sound packages for Windows (Cubase, Logic, Finale and so 
on) will run flawlessly under Wine. Those programs tend to 
be large packages with a complicated relationship to the 
operating system, typically more complicated than can be 
emulated with Wine. 

Ardi’s Executor, a Mac OS emulator, is gone, but at 
least two good Atari emulators remain. If you want to run 
all that late 1980s MIDI music software written for the 
Motorola 68K CPUs, XSteem and Hatari will do the job. 
Alas, the Steem Project appears to on hold, but Hatari is 
in current development. 

The DOSemu Project continues on its steady development 
track. Recent releases include significant improvements to the 
emulator’s sound and music capabilities, better integrating its 
functions with the kernel’s ALSA system. The DOSBox Project 
supports sound through the SDL audio library, with special 
emphasis on game sound compatibility. MIDI output is 
supported, but current versions lack MIDI input capability. 

Emulators may become relics if virtualization delivers equal 
or better performance. | have not yet tested music and sound 
applications in environments such as VMware or VirtualBox, 
but the specifications for those systems typically include ALSA 
and OSS support via virtualized hardware. Unfortunately, 
the virtual sound devices are compatible typically with the 
SoundBlaster16 or Intel’s ubiquitous AC97 audio codec. These 
devices are sufficient for low-demand programs, but they are 
not suitable for use with high-end music and sound software 
for Windows. 

A few intrepid commercial sound and music software 
houses have offered Linux ports of their packages. The Renoise 
tracker (Figure 3) is available in an excellent version for native 
Linux. Jorgen Aase’s energyXT2 DAW (digital audio worksta- 
tion) has a sizable base of Linux users, and Garritan recently 
announced that Aria, its next-generation sampler engine, 
will be available in a native Linux version. Other vendors, such 
as NCH Software (WavePad) and Cockos (Reaper), advertise 
that their programs work with Wine and extend official 
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Figure 3. Renoise in Its Native Linux Version 


support to that environment. 

The number of these packages hardly constitutes a flood 
of releases from major Windows developers, but such small 
streams can grow. More users are becoming interested in 
Linux, and some percentage of those users will be focused on 
its audio capabilities and its applications for sound and music 
production. An opportunity exists for commercial developers to 
expand into the Linux world, and their way has been made 
clear by the solidity of the Linux audio infrastructure. | applaud 
the houses that already have crossed into the Linux world, but 
it remains to be seen whether these motivations and attrac- 
tions are strong enough to compel other commercial houses to 
develop native Linux packages of their software. 


The Linux audio infrastructure provides well-designed and 
well-tested programming interfaces for sound and music 
applications developers, particularly if they employ JACK to 
handle audio (and now MIDI) I/O. Alternatives include the 
OSS API and directly programming ALSA, but JACK is truly 
the superior solution. 

Regarding GUI toolkits: Qt and GTK remain the dominant 
players, but FLTK and wxWidgets also are popular. This 
multiplicity of GUI toolkits has been a problem for plugin 
developers, although the emerging LV2 specification may 
resolve that issue. 

Python and its GUI bindings have become popular for 
some types of music applications, Tcl/Tk remains a popular 
scripting language for smaller applications and rapid prototyp- 
ing, and Java programmers have added a sizable number of 
excellent applications to the Linux audio software armory. Java 
audio programmers also can employ JJack, a JACK audio driver 
for the JavaSound API. At this time, only the Frinika sequencer 


makes use of JJack, but | hope to see it receive the attention 
it deserves. 

The JUCE multiplatform development environment provides 
excellent tools for developing audio applications. The JUCE 
framework is fully JACK-compliant, but unfortunately, its 
adoption has been slow so far. Current implementations 
include Rick Taube’s GraceCL (next-generation algorithmic 
music environment), Kjetil Mattheussen’s Mammut (massive 
FFT audio transformer) and Lucio Asnaghi’s JOST plugin 
system. These programs all have attractive GUls with excellent 
audio capabilities—all courtesy the JUCE framework. 


Audio/video-optimized Linux distributions are flourishing. 
Stand-out systems include Planet CCRMA, 64 Studio, JAD, 
Musix, Dynebolic and Ubuntu Studio. Some of these distros 
include ISO images for making live CDs that can be used 
to test the system without installing it to your hard disk. 
All of them have been engineered for low-latency perfor- 
mance, and all are currently maintained. These distributions 
are the Linux audio novice’s best friends; they are highly 
recommended for anyone who wants to work seriously 
with audio/MIDI on Linux. 
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Community 

Ivica Ico Bukvic is the current director of Linuxaudio.org, which 
is “...a not-for-profit consortium of libre software projects and 
artists, companies, institutions, organizations and hardware 
vendors using Linux kernel-based systems and allied libre soft- 
ware for audio-related work, with an emphasis on professional 
tools for the music, production, recording and broadcast 
industries.” Among its many purposes, the organization func- 
tions as a portal to a variety of “priority” links, including URLs 
for an applications index, a software mirror, a VST plugins 
compatibility database and other useful resources. 

Linux audio developers meet annually at the Linux Audio 
Conference, held in Koln in 2008. Rumor says that LAC2009 
may be held in Parma, Italy, but no definite plans have been 
made at the time of this writing. This conference is the event 
of the season for Linux sound folk—a four-day fiesta of pre- 
sentations, performances and much sharing of ideas, code and 
music. Keep an eye on the LAC link page at Linuxaudio.org for 
news of next year’s conference, and be there if you can. 

Program-centric communities have evolved around the main- 
tained projects. Communications channels include the typical 
forums, wikis, mailing lists and IRC channels, but they now 
include channels, such as YouTube and MySpace. YouTube has 
become an especially useful channel for demonstration and 
instructional videos. Some examples of Linux audio software in 
action can be found there now, and | expect more to appear. 

A wide variety of music made with Linux software can be 
heard at Hans Fugal’s LAM site. Other good sources for Linux- 
made music include the Linux Audio Users mailing-list archives, 
the Internet Archive and, of course, the forums and other 
comm channels mentioned above. 


Closing Remarks 
In my opinion, the Linux audio infrastructure is now a solid 
structure, with exceptional capabilities and provision for future 
development. JACK is by itself a most remarkable achieve- 
ment, and it has become the cornerstone for all serious audio 
applications, particularly in the pro-audio domain. 
Configuration has been all but completely automated dur- 
ing installation, and post-installation configuration has become 
a no-brainer in most distributions. Distribution developers 


deserve high praise for the work done in this regard. Again, 
it's not sexy stuff, but it makes a great difference to the 
newbies and even to the not-so-newbies. 

Audio performance on the normal multitasking desktop 
has been a problematic point, but the PulseAudio Project 
promises a satisfactory resolution to that problem. Only time 
will tell if its adoption becomes widespread. 

Normal applications that require audio support are well 
served by the current software map. Requested features are 
being implemented, and usability has improved greatly since 
Ye Olden Times. With software mixing and relatively xrun-free 
playback, the desktop audio system is looking and sounding 
better all the time. 


Outro 
In Part Il of this article, I'll assess the current state of development 
of Linux sound and music applications. Until then, stay tuned.m 


Dave Phillips is a professional musician and writer living in Findlay, Ohio. He’s been using Linux 
since the mid-1990s and was one of the original founders of the Linux Audio Developers group. 
He is the author of The Book of Linux Music & Sound (No Starch Press, 2000) and has written 
many articles on Linux music and sound issues for various journals and on-line news sites. 
When he isn’t playing with light and sound, he enjoys reading Latin literature, practicing t’ai chi, 
chasing shar-pei puppies and spending time with his beloved Ivy. 


Resources 


Linux Journal On-line Articles by Dave Phillips: 
www.linuxjournal.com/users/dave-phillips/track 


List of Linux-Powered Hardware at LinuxDevices.com: 
www.linuxdevices.com/articles/AT5690634012.html 


The Linux Sound and Music Software Index at 
Linuxaudio.org: apps.linuxaudio.org 


The Linux Sound and Music Applications List at 
linux-sound.org: linux-sound.org 


The Linux Audio Music Site: lam.fugal.net 


13%, 5-3 Easily Remove an Application after Installing from Source 


If the program you want to install doesn’t have a package 
for your distribution, you can use checkinstall to make one. 
Checkinstall makes Debian-, RPM- and Slackware-compatible 
packages. You can find checkinstall at asic-linux.com.mx/ 
~izto/checkinstall. 

Once you install it, download the source to the program you 
want to install and configure it and build it just as you normally 
would do. When it’s time to run make install, use this instead: 
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# checkinstall 


Checkinstall will make a package and install it on your 
system. The original motivation for checkinstall was to create 
an easy way to remove programs that had been installed from 
source. Now that you have a package, you can remove it like 
any other package on your system. 

—MATTHEW MARTIN 
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What Happens after 
Next February? 


How Linux models a DIY path out of the 
coming DTV catastrophe. Doc SEARLS 


Like many older geeks, | cut my technical 
teeth by hacking radio and television gear. 
| built my first AM receivers with crystals 
and wires wrapped around oatmeal boxes. 
In grade school, | built receivers and trans- 
mitters from kits by Lafayette and Heath. 

| became a ham radio operator at age 12, 
and | was obsessed with the innards of my 
Hammarlund HQ-129x receiver and my 
Johnson Viking | transmitter. 

In high school, | put a home-brew 
radio station on the air, at 550kc (this 
was before we called cycles Hertz) on 
the AM dial. We had only dials then. | 
possessed defective math skills, but | 
was good with the concepts, especially 
as they applied in the terrestrial sphere. 
| understood the inverse square law and 
the geometries of wavelength applied 
to signals working in the real world. 

In college, | followed a digressive path 
into the humanities, but maintained an 
obsession with RF transmission and prop- 
agation. In my twenties, | worked for a 
while in radio (where | got the Doc nick- 
name), where among my duties was 
tweaking transmitters and climbing tow- 
ers to change bulbs. Among my many 
minor distinctions was laying out the 
scenario by which many small-town FM 
stations in central North Carolina would 
grow to become 100,000-watt giants on 
towers up to 2,000-feet high, serving 
large portions of the state and beyond. 

Today, on this page, | am committing 
a bold prophesy—one informed by more 
than 50 years of obsessing about RF 
propagation: television as we know it will 
end next February. It will end because 
nearly every station, by long-standing 
FCC orders, will vacate the familiar chan- 
nel on which it has radiated for genera- 
tions and go somewhere else on what 
used to be TV's “dial”. More important, 
you're not going to get a signal at all 


unless you're lucky enough to live within 
sight of the transmitting antenna. 

Well, you might say, most of us don’t 
get TV from antennas anymore. We get 
them from cable or satellite, which is 
true. And, most stations will continue to 
call themselves Channel 2 or Channel 13, 
even if their new digital signal is on 
Channel 50 or on Channel 18. But there 
will still be problems. UHF doesn’t propa- 
gate as well as VHF. Digital signals don’t 
degrade as gracefully. And, getting a 
converter box to turn digital signals into 
analog ones for your old television will be 
pointless if there’s no signal there at all. 

| won't even bother going into the 
other ways that DTV transmission will 
be a bust. The only thing that matters is 
that the conceptual basis of TV as we've 
known it since WWll-—signals transmitted 
through the air, serving a physically limited 
region—will be nullified by reality. And, 
that reality will include far more than 
technical failings on the transmit side. 
The far bigger revolution will be on the 
production side. Because production 
won't be limited to entertainment giants 
pumping “programs” through a limited 
set of familiar “channels”. Instead, the 
power to produce will belong to every- 
body. The ends will have the means. 
Horses will leave TV barns by the millions. 

Which brings me to Linux, free 
software and open source. We've been 
modeling the DIY production of goods 
in the wild for the better part of two 
decades (or longer if we date our start 
with the origins of the Free Software 
movement). We've also been building 
our own “solutions” since long before 
that term came into vogue as a synonym 
for “products”. 

It’s no coincidence that the transmit- 
ters on which billions watch YouTube 
are Linux servers. Or that Linux is in 
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most of the world’s set-top-boxes 
already. As we pointed out in an 
UpFront piece last month, it’s even in 
the new Sony Bravia flat screens too. 

But, those solutions are all locked up. 
We need the open ones now—ones that 
let people produce and distribute whatever 
they want, any way they want, without 
the need to live within the channel-bound 
framework of the old closed world of 
television's “content distribution”. We 
need Google, Amazon and other big 
“back-end” services to store our produced 
goods and distribute them agnostically— 
that is, without subordinating us to 
back-room dealings with Hollywood. 

That's where the rub will come in. 
After TV as we know it fails in February, 
look for Hollywood to do new deals 
with the cable and phone carriers. 
The deal will be to create a two-tiered 
Internet—one in which the fast part 
will be a new TV transmission system 
to replace the old one. On the receiving 
end of Hollywood bucks will be AT&T, 
Comcast, Cox, Time-Warner and 
Verizon. The end result will be big 
downstream bandwidth for Big 
Content, and few if any upstream 
improvements for “consumers”. 

We have to fight that. There will 
be much call for taking the fight to 
Congress, but the more important battle 
will be in our own brains, where we'll 
need to come up with inventions that 
mother necessity for a symmetrical, 
unbiased Internet that works as a pure 
utility for everybody. If we succeed, the 
Linux Way wins. If we fail, we'll get TV 
2.0. Sadly, it will be built on Linux too.— 


Doc Searls is Senior Editor of Linux Journal and a fellow with 
both Berkman Center for Internet and Society at Harvard 
University and the Center for Information Technology and 
Society at the University of California, Santa Barbara. 
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You need the world’s leader in hosting. 


e The Fanatical Support Promise™ 

e Industry Leading Service Level Agreements and Guarantees 
¢ Dedicated Support Team Assigned to Every Customer 

e 24x7x365 Live Support — No Call Centers 

e Proactive Sales and Support Consultation 
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AffordableyinfiniBandfSolutions 


TriCom™ 


DDR/SDR InfiniBand HCA 
"Switchless" serial console 
NodeWatch web enabled 
remote monitor and control 


Headers to fan tach lines, 
voltages, temperature probes 


8051 BMC interface and PS On/Off and MB reset 


serial console switch 


COM2 
Internal connector 


RJ45 

RS-485/422 
Daisy chain 
connectors 


Mellanox™ InfiniHost III 
InfiniBand InfiniBand HCA 


connector 
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ServaStor™ 


Extensible IB based storage 
building blocks 

Redundant and scalable 
Parallel file systems 

Open source software 
On-line capacity expansion 
RAID 0,1,1E, 3, 5, 6, 10, 50 


To speak to an HPC expert 

call 508 746-7341 and ask 

for technical sales or email 
sales@microway.com 
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FasTree™’ 


DDR InfiniBand switches 
Low latency, modular design 
24, 36 and 48 port building blocks 


oo leavers Urea es (4 

wu. twetmienein, 2S Se ee |° 
ll is 

ee at er th a ct == e 

. SS Sea ere, | “ 


ed eee an er 
oe bethentte ete ie ee 
“a a) 0 a a, 

“yy 


InfiniScope™ 


Monitors ports on HCA’s and switches 
Provides real time BW diagnostics 
Finds switch and cable faults 

Lane 15 interface 

Logs all IB errors 


Technology you can count on™ 


